|
| 1 | +--- |
| 2 | +title: "Dotenvx and SOC 2 Compliance" |
| 3 | +logo: ops |
| 4 | +image: "/assets/img/og-image-soc2.png" |
| 5 | +--- |
| 6 | + |
| 7 | +<section class="w-full max-w-2xl mx-auto px-6 mt-12 md:mt-20 flex flex-col gap-8"> |
| 8 | + <h1 class="font-extrabold text-3xl sm:text-5xl text-zinc-950 dark:text-zinc-50 text-center">Dotenvx and SOC 2 Compliance</h1> |
| 9 | + <p class="text-xl text-center"><strong>The Problem.</strong> Most engineering teams store API keys, tokens, and passwords in .env files. While convenient, plaintext .env files introduce major SOC 2 control gaps:</p> |
| 10 | + <div class="grid grid-cols-1 sm:grid-cols-2 gap-4"> |
| 11 | + <p class="text-left"> |
| 12 | + <strong>Unencrypted at Rest.</strong> Any insider or attacker with file access can read credentials directly from disk. |
| 13 | + </p> |
| 14 | + <p class="text-left"> |
| 15 | + <strong>Unrestricted Distribution.</strong> .env files are easily copied or committed to Git, spreading secrets beyond intended boundaries. |
| 16 | + </p> |
| 17 | + <p class="text-left"> |
| 18 | + <strong>Unaudited Changes.</strong> Updates to secrets happen without traceability, making it impossible to verify rotation or authorization. |
| 19 | + </p> |
| 20 | + <p class="text-left"> |
| 21 | + <strong>Unmonitered Usage.</strong> Secrets can be accessed or reused without detection, exposing organizations to silent credential abuse. |
| 22 | + </p> |
| 23 | + </div> |
| 24 | + <p>These risks map directly to SOC 2 deficiencies under the <strong>Security (CC6, CC7), Confidentiality (C1), Change Management (CC8)</strong>, and <strong>System Operations (CC7)</strong> criteria. And SOC 2 isn't just a checkbox—it's proof your organization takes security seriously.</p> |
| 25 | + <hr/> |
| 26 | + <p class="text-xl text-center"><strong>The Solution.</strong> Dotenvx closes these control gaps by enforcing encryption, access boundaries, and auditability for all your organization's .env files.</p> |
| 27 | + <div class="grid grid-cols-1 sm:grid-cols-2 gap-4"> |
| 28 | + <p class="text-left"> |
| 29 | + <strong>Encrypted at Rest.</strong> Dotenvx encrypts every .env file using asymmetric keys, ensuring only authorized devices can decrypt and read secrets. |
| 30 | + </p> |
| 31 | + <p class="text-left"> |
| 32 | + <strong>Controlled Distribution.</strong> Access is restricted to team members holding the decryption keys, preventing unauthorized sharing. |
| 33 | + </p> |
| 34 | + <p class="text-left"> |
| 35 | + <strong>Audited Changes.</strong> Every rotation and key update is logged—giving your team full traceability and verifiable evidence for compliance. |
| 36 | + </p> |
| 37 | + <p class="text-left"> |
| 38 | + <strong>Monitored Usage.</strong> Dotenvx's Radar feature tracks runtime env-file activity, detecting anomalies or credential abuse before they become incidents. |
| 39 | + </p> |
| 40 | + </div> |
| 41 | + <p><strong>Ready to strengthen your SOC 2 controls?</strong> Inquire about our SOC 2 Implementation Pack — a full set of control mappings, policy templates, and auditor-ready evidence built for teams using dotenvx.</p> |
| 42 | + <div class="flex flex-row gap-4 justify-center my-6"> |
| 43 | + <a class="btn-primary" href="mailto:[email protected]">Request the SOC 2 Implementation Pack →</a> |
| 44 | + <a class="btn" href="https://dotenvx.com/dotenvx.pdf">Whitepaper</a> |
| 45 | + </div> |
| 46 | +</section> |
| 47 | + |
| 48 | + |
| 49 | + |
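Review bot: "Unmonitered" at line 21 is a typo and should read "Unmonitored" (the matching solution heading at line 38 already spells it "Monitored Usage"). The criteria mapping at line 24 lists CC7 twice, once under "Security (CC6, CC7)" and again as "System Operations (CC7)"; since Security is the trust services category that contains the CC-series criteria, either drop the first CC7 or rename the groups so each criterion appears once (for example "Logical Access (CC6), System Operations (CC7), Change Management (CC8), Confidentiality (C1)"). Lines 29 and 32 describe the decryption boundary inconsistently: line 29 says "only authorized devices can decrypt" while line 32 restricts access to "team members holding the decryption keys"; pick one wording, since possession of the private key, not device identity, is what the encryption scheme enforces. The "Every rotation and key update is logged" claim at line 35 and the anomaly-detection claim for Radar at line 38 are the statements an auditor will ask to substantiate, so link each to the documentation that shows the log record or the alert, otherwise soften to what the product actually emits.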