[toomuchtodo]

Please consider some sort of access log for all activity around the secrets you’re managing, exposed to users in their account. Also consider a way to revoke all secrets/tokens at once with a privileged (MFA authorized) user action.

Best of luck, I think this product has a lot of value ahead based on the pain points addressed.

EDIT: This might also be of use before your SOC 2: https://latacora.singles/2020/03/12/the-soc-starting.html

[tg3]

The access log is a great idea, we'll build that.

[grinich]

[Shameless plug] Happy to help you with that with WorkOS :)

Here's our HN launch: https://news.ycombinator.com/item?id=22607402

And some more info on the Audit Trail feature: https://workos.com/features/audit-trail