Comment by codexetreme

5 days ago

I used to run a similar company in this space (gearsec.io). My 2 cents are that no one we spoke to was comfortable with us having MITM plus access to their secrets, no matter how much we told them we'd host it in their cloud.

The few who agreed were rigorously testing our product and asked for code SBOMs before even a pilot.

Infisical's agent vault might be the best middle ground for these kinds of setups, I feel sometimes.

Thank you for the insights! We thought about this when we started working on the project, and this is among the reasons we decided to go the open-source route. We think building in the open makes it easier to earn users' trust and gives them opportunities to audit the code and the dependencies. Also, note that with Kloak, user secrets and traffic never leave the user environment, as we are not a SaaS product, which makes security requirements more relaxed.