Has anyone on staff been through a soc audit? Which trust criteria will be used?

Does the app support data stores other than mongo?

Yes, we're quite familiar with SOC guidelines. We will be including all of Security, Confidentiality, Privacy, Availability, and Processing integrity categories into the SOC 2 examination. I think, given that Infisical is a secret-manager, all of these are very important!

Currently, we only support Mongo, although we received requests for some other ones. Which one are you interested in?

Almost any other standard database would be a better choice: Postgres, MySQL, even Redis.

Most companies avoid using MongoDb and lack the staff needed to administer it properly. It’s also hard to find a managed solution for Mongo in most cloud providers.

MongoDB provides MongoDB Atlas, our own managed service. which is supported on every cloud (AWS, Azure, GCP).

But you don’t need any cloud provider other than AWS, so why worry about that?

Oh, Mongo is a major turnoff. The only sensible data store to support in 2022 and beyond is Postgres, maybe SQLite IMO.

SQLite/filesystem and etcd or some kind of distributed store.

The SQLite and fs option would get you usage in Homelabs.

That's a heavy order for the SOC 2, especially if you're just starting out as a company.

Imho, it's more important that the code base is audited and the company is transparent.

Plain-text (encrypted) files and/or sqlite would be a great complement to whatever else.

Postgres!

But better yet you might want to make sure there is an abstraction layer so people can plug stuff in.

It’s a extra work but it only gets harder to do later.