Adopt Strong Cloud Security Strategies from the Ground up!

When we ask the question about secrets, people usually mean one of the 3 things or all of them:

1. As a user, how can I add my secrets in Brainboard and use them?
You have the possibility to add them as a variable and flag it as sensitive, this way they will be put in our Hashicorp Vault and will be hidden from the output when the task is executed. We are planning to open our Vault to our customers but we don’t have an ETA yet.

2. How can I access my secrets in my key-vault like KMS, Azure KV or Hashicorp vault?
If you already have a vault like KMS, AKV, you can use the AWS or Azure resource for that.
For e.g. aws_kms_key to create a new key or use data to use an existing one. Or azurerm_key_vault ****for Azure.
You can also combine kms resources and use variables that are flagged secrets in their id or alias to completely hide any information regarding secrets

3. How secrets are managed at deployment time?
At deployment time, if you deploy with your own CI/CD pipeline, you can inject secret by the tool you use as the variables are already defined. If you deploy through Brainboard, it creates an isolated execution environments, get secrets from Vault and provide them to Terraform for execution.

Brainboard offers several key features that enhance your Infrastructure-as-Code (IaC) operations:

‍Data Ownership: In Brainboard, users own their data in every action they do, whether it's pull requests, git workflows, or remote back-end. Brainboard only accesses data in specific scenarios, such as designing and pushing to git, planning and pushing to git, and designing & deploying within Brainboard.

‍Isolated Environment for Terraform Execution: Brainboard provides several execution options for your Terraform code, including running Terraform in an isolated environment. This means that the code is executed in a separate, secure environment that is not accessible by other applications or users, providing an additional layer of security to your data during testing.

‍Encryption: All data stored in Brainboard, including the architecture diagram, cloud resources and configuration, variables, and credentials, are encrypted both at rest and in transit. This means that the data is stored in an encrypted format in the Brainboard database and any data transmitted between Brainboard and external systems is encrypted to prevent interception by unauthorized parties.

‍Role-Based Access Control (RBAC): Brainboard has implemented RBAC, a security mechanism that ensures that users have access to only the resources they need to perform their jobs. By defining IAM (Identity and Access Management) roles and policies, you can assign permissions to users based on their job function and limit access to only the resources they need to perform their work.

‍SOC2 Certification: Brainboard is SOC2 certified, meaning that the platform has undergone a rigorous security audit by an independent third-party auditor and has been found to meet the criteria for the SOC2 security standard. This certification demonstrates Brainboard's commitment to maintaining the highest levels of security and privacy for their customers’ data.

You have 2 options:

1. Configure the default remote backend at the organization level here: where you can specify either S3 or Azure blob storage. Brainboard will construct the right configuration that you can see in a file: [backend.tf](<http://backend.tf>) This file will be included when you do the pull request.

2. You also have the possibility to override the global configuration and set a specific remote backend at the architecture level. It works the same way.

The locking mechanism is a way to protect the Terraform state to prevent concurrent execution against the same file that will corrupt it. If you use S3 as a remote a backend it’s advised to use Dynamodb table for that.

At Brainboard we implemented our own mechanism to project the Terraform state even at the UI level. When there is an ongoing execution, Brainboard doesn’t accept to trigger a new one and warn the user that there is an ongoing action.

Yes, you can speak to a professional while using Brainboard. There are several ways to get in touch:

‍Real-time Support: While using Brainboard, you can reach out in real time by clicking on the "Ask us anything" button in the top right corner. One of the team members will reply to answer your questions or assist you with any technical topic.

‍Email Support: If you prefer asynchronous communication or if you want to schedule a call for help on a specific technical topic, you can reach out to the technical team at [email protected]. A cloud architect from the team will assist you.

‍Security Reports: To request access to security reports like SOC 2 Type II, you can use the provided portal. Your account manager or sales representative will approve your request.

‍Report Security Issues: If you need to report a security issue, you can reach out to the security team at [email protected].

‍Feature Request: If you want to request a new feature or see what the community has requested, you can check Brainboard's public roadmap.

‍Request a Demo: To request a demo of Brainboard, you can reach out to the sales team at [email protected].Remember, the Brainboard team loves talking to their users, so don't hesitate to reach out with any questions or concerns you may have.

To minimize drift between environment, you can use the synced architecture that replicate any change you do in one environment into the other automatically while still isolating each env with its own variables.

Yes, we support SSO. Standards: OpenID Connect (OIDC) and SAML 2.0.

We do not use 3rd party data centers. Everything is in the cloud, either Azure or AWS.

For SOC2 Type 2 information, you can request access here: https://security.brainboard.co