DevSecOps Tranquility is Here

One important way Archodex observes secrets usage is by watching the requests your workloads make at runtime. For example, a Container of a Kubernetes Pod may make a request to Stripe's API to charge a customer for a purchase. When it does so, the container includes a Stripe API key in the request headers. Archodex observes this request, recording that the Stripe API key secret was used by the Container.

The Archodex Agent only observes API calls that match filters for the Rulesets you configure it to watch. If you don't configure any Rulesets to watch for Stripe requests, then Stripe requests will not be observed and will not count against your usage limit.

Archodex usage limits apply across all workloads. You might have a mix of workloads where some make more observed API calls than others. Usage across workloads is metered, and the Archodex Agent will stop observing API calls when the limit is reached until the next hour of usage begins. The Archodex Agent logs and Dashboard will notify you if this occurs.

Note for individuals and small teams: Our intention is to make Archodex free for your usage. If you hit limits on the free-tier, then please reach out to us at support@archodex.com.

A Tracked Resource is any unique resource that Archodex observes and tracks in its graph database. This includes resources like Kubernetes Clusters, Services, and Deployments, Hashicorp Vault Secrets, and Stripe API Keys.

Your total count of Tracked Resources includes all of the unique resources that Archodex has observed across all of your workloads. The Archodex Agent logs and Dashboard will notify you if you exceed this usage limit. The Archodex service will silently discard newly observed resources while your account is above the limit, though it will still update metadata about previously observed resources.

Note for individuals and small teams: Our intention is to make Archodex free for your usage. If you hit limits on the free-tier, then please reach out to us at support@archodex.com.

The Log-only Agent mode is a deployment option for the Archodex Agent that observes and logs API calls without reporting them to a central Archodex backend service. This mode is useful when you are trying out Archodex for the first time and want to be absolutely sure no confidential data leaves your environment. It is also the default mode if you do not provide an Archodex Report API Key, ensuring you are in full control of your confidential data.

The Log-only Agent mode is also useful when you would prefer to perform your own analysis of observed secrets usage. For example, instead of using a managed or self-hosted Archodex service, you may want to ingest the logs into your existing devsecops ETL pipeline for further processing and analysis.

Self-hosting Archodex means deploying and managing the Archodex backend API software on your own infrastructure, rather than using the managed service provided at archodex.com. This gives you full control over your data and how service is accessed. You can run Archodex in your own data center or in a cloud environment of your choice.

Most choose to self-host the backend API service alone, using the managed archodex.com dashboard and authentication system to access it. It is possible to self-host the dashboard as well if necessary for complex requirements and/or regulations.

Self-hosting the Archodex backend API is straightforward. There is no additional cost to self-host, and images to run the backend API service are published in the GitHub Container Repository. You simply run the backend API container and configure a connection to a SurrealDB database.

Community Support is the support provided through our GitHub Discussions and Matrix Chat Room. We monitor and respond to questions and issues raised in these community forums for all free-tier options, including both managed and self-hosted deployments.