Skip to content

Data Flow

Overview

SailPoint Entro's data flow defines how information moves securely from integrated environments into the platform. Every stage ensures minimal exposure, verifiable integrity, and compliance with enterprise-grade security controls.


1. Data Ingestion

  • Sources: Git repositories, CI/CD systems, cloud providers, secret managers, ticketing systems.

  • Collectors: Each source is connected via a dedicated collector container using read-only credentials.

  • Transport: Data is transmitted over HTTPS with mutual TLS.

  • Scope: Only metadata and potential secret fingerprints are collected-no source code is permanently stored.


2. Data Processing

  • Parsing: Raw data is parsed using context-aware regex and NLP models to extract secrets, tokens, or credentials.

  • Normalization: Each finding is normalized into a common schema with metadata such as source, timestamp, and repository.

  • Deduplication: Identical findings across integrations are merged to avoid false positives.


3. Classification and Enrichment

  • AI Models: Classify data as valid secrets, configuration noise, or low-confidence tokens.

  • Enrichment: Valid secrets are enriched with additional context (IAM roles, commit authors, environment).

  • Ownership Mapping: The system links secrets to users, services, or non-human identities (NHIs).


4. Risk Scoring

  • Each secret is assigned a risk score based on:

    • Exposure vector (public, internal, private)

    • Privilege level (admin, read-only, service account)

    • Rotation status and last usage

    • Source sensitivity (prod vs. dev environment)


5. Storage

  • Processed and scored data is stored in encrypted PostgreSQL or AWS RDS.

  • No plaintext secrets are stored-only hashed fingerprints and metadata.

  • Access to the database is restricted through IAM policies and network segmentation.


6. Visualization and Access

  • Users interact with findings via the SailPoint Entro Web Console or REST/GraphQL APIs.

  • Dashboards show:

    • Secret exposure timelines

    • Correlation graphs between assets and credentials

    • Compliance and remediation reports