Overview
Encrova is a secrets management platform designed to securely store, distribute, and manage sensitive data such as API keys, credentials, and encryption keys across applications and infrastructure. It provides end-to-end encryption to ensure that secrets remain confidential and protected from unauthorized access.

High-Level Architecture

Key Architectural Components
Client SDKs & APIs
- Encrova provides SDKs for multiple languages and a RESTful API for interacting with secrets.
- Developers can fetch secrets at runtime, inject them into environments, and manage secrets without exposing them in code.
- Supports integrations with Docker, Kubernetes, Terraform, and CI/CD pipelines.
Encrova Server
- A centralized backend that manages secrets, access control, and encryption policies.
- Provides RESTful APIs for fetching and updating secrets.
- Supports self-hosting or a cloud-based deployment.
Database (PostgreSQL)
- Stores encrypted secrets, metadata, and access logs.
- Uses role-based access control (RBAC) to manage user permissions.
Encryption Mechanism
- End-to-end encryption (E2EE) ensures that secrets are encrypted before leaving the client.
- AES-256 encryption is used for storage.
- Uses RSA/ECC for asymmetric encryption when sharing secrets securely between users.
- Supports integration with hardware security modules (HSMs) or cloud-based key management services (KMS).
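The client-side flow these bullets describe, sketched as an added example that is not Encrova's own code: a secret is encrypted locally under a fresh AES-256 key, and that key is wrapped with the recipient's RSA public key so the server only ever stores ciphertext. The GCM mode, RSA-OAEP wrapping, function names and sample values are assumptions; the page does not specify cipher modes or key wrapping.

```javascript
// Added illustration, not Encrova code. AES-256-GCM, RSA-OAEP and all names
// here are assumptions; the page specifies only AES-256 and RSA/ECC.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt on the client so that only ciphertext leaves the process.
// `aad` binds the ciphertext to its metadata (workspace and secret name).
function sealSecret(plaintext, recipientPublicKey, aad) {
  const dataKey = crypto.randomBytes(32); // fresh AES-256 key per secret
  const iv = crypto.randomBytes(12);      // 96-bit nonce, unique per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Wrap the data key for the recipient; the server stores it but cannot open it.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, ciphertext, tag, aad };
}

// Unwrap the data key with the recipient's private key, then decrypt.
function openSecret(envelope, recipientPrivateKey) {
  const dataKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, envelope.iv);
  decipher.setAAD(Buffer.from(envelope.aad, 'utf8'));
  decipher.setAuthTag(envelope.tag);
  // final() throws if the ciphertext, tag or metadata was altered in storage.
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed key pair and secret value, for demonstration only.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const secret = 'db-password-constructed';
  const env = sealSecret(secret, publicKey, 'workspace=dev;name=DB_PASSWORD');
  let tamperRejected = false;
  try {
    // Simulate a stored record being re-labelled to another workspace.
    openSecret({ ...env, aad: 'workspace=prod;name=DB_PASSWORD' }, privateKey);
  } catch (err) {
    tamperRejected = true;
  }
  return {
    roundTrip: openSecret(env, privateKey),
    tamperRejected,
    plaintextInEnvelope: env.ciphertext.includes(Buffer.from(secret, 'utf8')),
  };
}
```

Binding the workspace and secret name as authenticated data means a record copied or re-labelled in the database fails to decrypt instead of silently opening under the wrong identity.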
Access Control & Role-Based Permissions
- Implements RBAC to restrict secret access based on user roles.
- Supports workspace-level access control where different teams can have separate environments.
- Uses OAuth & SSO for authentication (Google, GitHub, SAML, etc.).
Secret Injection & Sync
- Allows secrets to be injected directly into Docker, Kubernetes, AWS Lambda, and other environments at runtime.
- Syncs secrets with cloud providers like AWS SSM, Azure Key Vault, and HashiCorp Vault.
Auditing & Logging
- Logs secret access and modification events for security compliance.
- Can integrate with SIEM tools (like ELK) for real-time monitoring.
Deployment Architecture

Tech Stack
- React.js
- Node.js
- Python
- PostgreSQL
- Redis
- Elasticsearch
- RabbitMQ

