Security and Isolation Model

Security controls are built into identity, tenancy, secrets handling and immutable evidence trails.

Identity and access

  • Supabase authentication with organization claim resolution.
  • Server-side role enforcement for every protected route.
  • Settings support for SSO/SAML onboarding paths.

Tenant isolation

  • Every query is scoped by organizationId.
  • Dashboard proxy endpoints enforce tenant context.
  • Organization-scoped access checks guard API operations.

Secrets and key management

  • Credential encryption at rest.
  • Rotation workflows and posture telemetry.
  • Fail-closed guardrails where configured.

Audit and evidence

  • Immutable audit events for state-changing operations.
  • Evidence artifacts include provenance metadata.
  • Action and policy changes are attributable to actor and role.

Request security flow

01 Authenticate

Supabase session is read server-side and user identity is resolved before dashboard data loads.

02 Resolve organization

The request is matched to the active organization and membership is validated.

03 Authorize role

The server checks whether the user role can access the requested domain or action.

04 Scope data

Database reads and writes include organizationId so tenant data cannot bleed across accounts.

05 Audit mutation

State-changing operations emit an audit event with actor, timestamp, result and correlation metadata.
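
The five steps above as one server-side handler, added here as an illustration and not the product's own code. The in-memory session, membership, permission and findings stores, the `Viewer` role, the action names and `handleRequest` are all assumptions, and the data is constructed.

```javascript
// Added illustration: all names are hypothetical and all data is constructed.
const sessions = new Map([["tok-alice", "alice"], ["tok-bob", "bob"]]); // session -> user
const memberships = [
  { userId: "alice", organizationId: "org-1", role: "Admin" },
  { userId: "bob", organizationId: "org-2", role: "Viewer" },
];
const permissions = new Map([
  ["Admin", ["findings:read", "findings:suppress"]],
  ["Viewer", ["findings:read"]],
]);
const findings = [
  { id: "f1", organizationId: "org-1", suppressed: false },
  { id: "f2", organizationId: "org-2", suppressed: false },
];
const auditLog = []; // frozen entries stand in for immutable audit storage

function handleRequest({ token, organizationId, action, findingId, reason, correlationId }) {
  // 01 Authenticate: identity comes from the server-side session, never the request body.
  const userId = sessions.get(token);
  if (!userId) return { status: 401 };

  // 02 Resolve organization: the requested org must match a real membership.
  const member = memberships.find(
    (m) => m.userId === userId && m.organizationId === organizationId);
  if (!member) return { status: 403 };

  // 03 Authorize role: unknown roles or actions fall through to deny.
  if (!(permissions.get(member.role) || []).includes(action)) return { status: 403 };

  // 04 Scope data: filter on the validated membership's organizationId.
  const scoped = findings.filter((f) => f.organizationId === member.organizationId);
  if (action === "findings:read") return { status: 200, data: scoped };

  // Mutation path: suppression needs a reason and a finding inside the tenant scope.
  const target = scoped.find((f) => f.id === findingId);
  const result = !reason ? "rejected" : target ? "success" : "not_found";
  if (result === "success") target.suppressed = true;

  // 05 Audit mutation: actor, timestamp, result and correlation metadata.
  auditLog.push(Object.freeze({
    actor: userId, role: member.role, organizationId, action, findingId, reason, result,
    correlationId, timestamp: new Date().toISOString(),
  }));
  return { status: { success: 200, rejected: 400, not_found: 404 }[result] };
}
```

Because the lookup in step 04 runs only over rows already filtered by the membership's organizationId, a finding id that belongs to another tenant is indistinguishable from one that does not exist.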

Operating controls

Least privilege cloud access

Start with read-only discovery credentials and add write permissions only for approved action types.

Secret rotation

Rotate provider credentials through connection workflows and verify scan health after rotation.

Exception review

Suppressed findings and action overrides should include a reason and be reviewed during audit cycles.

Break-glass discipline

Manual overrides should be time-bounded, assigned to an Admin and backed by audit evidence.

TurboFinOps