What it audits
- Rotation status: secrets that have never rotated, have rotation disabled, or are overdue under your rotation policy
- Unused secrets: secrets with no recent access — findings surfaced for the client to triage, not deletions Redactus makes
- Resource policy coverage: secrets without restrictive resource policies, accessible to broader principals than intended
- Access patterns: access that doesn't match the documented use — cross-account reads without justification, principals outside the expected set
- Naming and tagging: secrets the client can't account for in the audit narrative — unnamed, untagged, or tagged inconsistently across environments
- Replication and redundancy: secrets missing cross-region replication where the architecture requires it
- Remediation suggestions: each finding includes a suggested fix to hand the client — Redactus reports and recommends, never writes to your AWS account
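To make the rotation, unused-secret and resource-policy checks concrete, here is an added example (not Redactus code) of read-only checks run over records shaped like the output of Secrets Manager's describe_secret() and get_resource_policy(); the thresholds, secret names and sample records are constructed for illustration, and in practice the records would come from the AWS API.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_ROTATION_AGE_DAYS = 90  # client-set thresholds (constructed for this example, not Redactus defaults)
UNUSED_AFTER_DAYS = 180

def policy_finding(policy_json):
    """Flag a missing resource policy, or an unconditioned Allow open to any principal."""
    if not policy_json:
        return "no resource policy attached"
    for s in json.loads(policy_json).get("Statement", []):
        p = s.get("Principal")
        if s.get("Effect") == "Allow" and "Condition" not in s and (
                p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")):
            return "resource policy allows any principal"
    return None

def audit_secret(secret, policy_json, now):
    """Read-only checks on one describe_secret()-shaped dict; returns the list of findings."""
    out = []
    if not secret.get("RotationEnabled"):
        out.append("rotation disabled")
    rotated = secret.get("LastRotatedDate")
    if rotated is None:
        out.append("never rotated")
    elif (now - rotated).days > MAX_ROTATION_AGE_DAYS:
        out.append(f"rotation overdue by {(now - rotated).days - MAX_ROTATION_AGE_DAYS} days")
    seen = secret.get("LastAccessedDate")
    if seen is None or (now - seen).days > UNUSED_AFTER_DAYS:
        out.append("no recent access (surface for triage, do not delete)")
    if (pf := policy_finding(policy_json)):
        out.append(pf)
    return out

def audit(secrets, policies, now):
    """{name: findings} for every secret with at least one finding; nothing is written back to AWS."""
    return {s["Name"]: f for s in secrets if (f := audit_secret(s, policies.get(s["Name"]), now))}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SECRETS = [  # constructed, in the shape describe_secret() returns
    {"Name": "prod/db", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=30),
     "LastAccessedDate": NOW - timedelta(days=1)},
    {"Name": "staging/cache", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=100),
     "LastAccessedDate": NOW - timedelta(days=2)},
    {"Name": "legacy/api-key", "RotationEnabled": False, "LastAccessedDate": NOW - timedelta(days=400)},
]
POLICIES = {  # constructed get_resource_policy() documents, trimmed to the keys the check reads
    "prod/db": json.dumps({"Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"}}]}),
    "legacy/api-key": json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*"}]}),
}
```

Calling audit(SECRETS, POLICIES, NOW) reports only staging/cache and legacy/api-key; prod/db passes every check and is left out of the report.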
Where it came from
Managing AWS environments for clients, I kept running into the same thing: nobody really knew what state their secrets were in. Rotation disabled. Resource policies looser than anyone realized. Secrets that hadn't been touched in years. The native tooling tells you what's there, not what's wrong with it.
Redactus is what I built to answer that question. It's in development.