CONFIGURATION SECRETS VAULT
Leverage Enzo proxy accounts and secret vault for applications and users
so that application secrets are never seen by developers. Implement strong
separation of duty by allowing administrators to manage secrets.
Building applications (web, mobile and IoT) requires storing service credentials
and API secrets in application configuration files so that the application can
function. Even if configuration secrets are pushed during deployment, application
developers may still write sensitive information to log files, by accident or not.
Central Configuration Settings
Enzo securely stores API secret keys so that applications do not have to. Enzo
provides proxy accounts that developers use to build systems, so that neither
developers nor applications ever see the API keys directly. Applications rely on
Enzo to make the actual API calls, so the API secrets never leave Enzo.
Example: Jane needs to send tweets from her Windows application. With Enzo,
she only needs to store the proxy account that the application will use to
send tweets. The actual Twitter secrets are never visible to Jane, or the
Separation of Duty
Companies that need to enforce strong separation of duty can easily create
ACL rules that allow certain individuals to manage account access and
passwords, while preventing developers and power users from accessing the
actual API keys.
Example: John, an InfoSec engineer, is granted access to Enzo to manage
corporate API keys (such as the Twitter account). John can then grant Joe, in
the Marketing department, access to search the Twitter timeline.
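
The proxy-account and separation-of-duty model described above, as an added example that is not Enzo's code or API: the `Broker` class, its method names and the sample secret are hypothetical, and the upstream API call is simulated with an HMAC signature so the example runs offline.

```python
# Added illustration of a credential broker; every name here is hypothetical.
import hashlib
import hmac
import secrets

class Broker:
    def __init__(self, admins):
        self._admins = set(admins)   # only these actors may manage secrets
        self._secrets = {}           # service -> real API secret, never returned
        self._proxies = {}           # sha256(proxy token) -> (user, service, ops)

    def _require_admin(self, actor):
        if actor not in self._admins:
            raise PermissionError(f"{actor} may not manage secrets")

    def store_secret(self, actor, service, api_secret):
        self._require_admin(actor)
        self._secrets[service] = api_secret

    def grant(self, actor, user, service, operations):
        """Create a proxy account limited to the listed operations."""
        self._require_admin(actor)
        token = secrets.token_urlsafe(24)
        key = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
        self._proxies[key] = (user, service, frozenset(operations))
        return token  # the only credential the developer ever holds

    def call(self, proxy_token, operation, payload):
        entry = self._proxies.get(hashlib.sha256(proxy_token.encode()).hexdigest())
        if entry is None:
            raise PermissionError("unknown proxy account")
        user, service, allowed = entry
        if operation not in allowed:
            raise PermissionError(f"{user} may not {operation} on {service}")
        return self._upstream(service, operation, payload, self._secrets[service])

    def _upstream(self, service, operation, payload, api_secret):
        # Stand-in for the real HTTPS request: the secret signs the request
        # inside the broker and only the outcome goes back to the caller.
        hmac.new(api_secret.encode(), f"{operation}:{payload}".encode(), "sha256")
        return {"service": service, "operation": operation, "status": "ok"}

def demo():
    broker = Broker(admins={"john"})                       # John, InfoSec
    broker.store_secret("john", "twitter", "CONSTRUCTED-SECRET")
    joe = broker.grant("john", "joe", "twitter", {"search"})
    result = broker.call(joe, "search", "enzo")            # allowed by the ACL
    try:
        broker.call(joe, "tweet", "hello")                 # not granted
        denied = False
    except PermissionError:
        denied = True
    return result, denied, joe
```

A leaked proxy token exposes only the operations granted to it and can be revoked without rotating the underlying API secret.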