Categorygithub.com/torchsecurity/torch-secret-analyzer
module
0.1.3
Repository: https://github.com/torchsecurity/torch-secret-analyzer.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
0
Dependents
0
Files
0

# README

Logo

Keep your secrets safe.

Go Report Card License

About Torch Secrets Analyzer

Torch Secrets Analyzer is a simple (yet powerful!) tool that helps analyze the access to secrets stored in a secrets manager.

It helps answer questions like:

  • Who can access a certain secret in my secrets manager?
  • Who actually pulled that secret in a certain timeframe?
  • Which of my services (e.g. Lambdas, K8s) are using which secret?

Currently supporting AWS Secrets Manager. HashiCorp Vault support coming soon.

Installation 🛠️

Brew

brew tap torchsecurity/torch
brew install torchsecurity/torch/torch

Install via go install

If you have Go installed, you can quickly install Torch with:

go install github.com/torchsecurity/torch-secret-analyzer/cmd/torch@latest

AWS Secrets Manager

Configuration

Torch Secrets Analyzer uses your local AWS profile to access AWS Secrets Manager. It requires no additional permissions or configuration.

Check AWS profile

To check the AWS profile under which the tool runs, run the command:

torch aws auth print

Configure a new AWS profile (or an existing one)

Torch Secrets Analyzer supports using both credential and SSO profiles.

Configure a credential profile:

torch aws auth config [--profile]

Configure an SSO profile:

torch aws auth config sso [--profile]

Analyze actual access to a secret

Torch analyzes AWS Cloudtrail events and crosses information with AWS Secrets Manager to identify who are the "consumers" of a given secrets in a given timeframe.

Run the following command to see the people and services that accessed a certain secret:

torch aws consumers list-actual --secret-id <your-secret-id> [--region <aws-region>] [--profile <your-local-aws-profile-to-use>] [--days-back <14>]

Expected output:

Listing all actual consumers of the secret based on AWS CloudTrail Events, filtering for read events in the last 14 days...

Human:
* user:admin (last read on 2024-10-02T13:17:48Z)

Machine:
* eks:billing-svc (last read on 2024-10-13T01:25:07Z)
* lambda:stripeAuditLogs (last read on 2024-10-12T23:13:31Z)

Analyze permissions to pull a secret

Torch analyzes and correlates data across AWS IAM and AWS Secrets Manager to identify users and services with permission to access a certain secret.

Coming Soon!

Hashicorp Value

Coming Soon!

Contributing :heart:

Contributions are very welcome! Please see our contribution guidelines first.

About Torch Security

We're building the future of secrets management. Does that pique your interest?

Follow us on LinkedIn for exciting updates, or 📧 let's connect

# Packages

No description provided by the author
No description provided by the author