General Security Concepts
Given that the Redactics Agent interacts with your production data, it would not be a surprise for you to have some concerns or questions about this. Here are some basic details and strategies for alleviating these concerns:
- Read-only database users can be used. The Redactics Agent does not alter your source database in any way, therefore it does not require any write access.
- Your production data never leaves your network. If you wish to confirm this the source code is available in the Open Source edition (the Free edition shares this same core). Metadata/stacktraces and basic metrics are sent to the Dashboard API to assist you with maintaining overall workflow health, but your production data is not shipped off your network.
- Your database credentials are stored in your local configuration file, and never sent off your network. This local configuration file is used for installing the Redactics Agent, where at installation time these credentials are saved to the internal database used by the Redactics Agent via Fernet encryption. Your Fernet encryption key is randomly generated by the Dashboard API, but there is no way for these credentials to be remotely accessed. The source code is availabe in the Open Source edition if you wish to confirm this behaviour.
- SSL/TLS connectivity is supported, your certificates are stored in your Kubernetes secrets, which likewise cannot be accessed remotely.
- Access to your Redactics Agent can be managed via Kubernetes RBAC rules. The Redactics CLI requires very little access to operate, and the Agent is built to function like an appliance where no special access is required for ordinary users beyond dashboard/web access.
Data Security and Privacy
By using Redactics you can limit the exposure to your production databases except for unique "break glass" sort of scenarios by having all stakeholders default to using safe datasets generated by Redactics, particularly where your stakeholders don't need up-to-the-minute data freshness (although full real-time replication is something we are working on). By defaulting to using Redactics generated data in your "No PII Zone", you can not only dedicate infrastructure for this access, but work around having to maintain VPN policies or data vault architectures/services for the bulk of the access required. Additionally, with the data privacy layers supported by Redactics, your personally identifiable information and sensitive information can be handled so that your stakeholders do not require special training or policies to support even day one hires from accessing this data.
Open Source Edition Network Security
There is no authentication layer or concept of users included in the Open Source edition currently. Kubernetes port-forwarding is a good way of testing access to Redactics without compromising network security, but the project is open to accepting PRs and ideas for providing authentication and authorization layers. Without authentication this also means that there is no concept of users. If you wish authentication and the ability to maintain and invite users into your company for regulating access controls, please use the Free edition instead in the meantime.