See the forest and the trees.

Open-source, cloud-native, configuration & secret management

Super simple.

Follow Figgy’s laid-out path for config management. It’s AWS native, compatible with all AWS services, and follows AWS best practices.

Config like a boss.

Detect and remedy misconfigurations before deployment rather than scrambling after the alarm bells are going off.

All knowing.

Figgy audits every event: the who, what, where and when. You can roll back configurations to any point-in-time in the past–even to the second.

Secret ownership done right.

Teams of secret owners can securely track, manage, and rotate their secrets in their team’s secure space. Share secrets directly with the applications that need them–without going through a middle-man.

Serverless AWS integrations.

Figgy Cloud deploys directly into your AWS environment. There are no servers to patch or maintain, no overlap of existing AWS functionality, and no dependency on 3rd parties.

Microservices are great, but your growing service footprint means configuration management just got a lot harder. Figgy is for teams looking to embrace modern cloud-native design but avoid the complexity and management burden of in-house or 3rd party tools.


Figgy CLI

A custom built CLI on top of AWS ParameterStore that addresses many ParameterStore limitations.
Add / Update / Delete / Edit configurations and more.
Promote configs from lower to higher environments.
Share secrets directly to the code that needs them. No more handing DB credentials to some middle man so they can go put them "somewhere".
Browse a log that tracks all config changes over time, even for deleted configs.
Roll back any configuration or hierarchy of configurations to any point in time in the past--to the second.
Combat config sprawl. Figgy will tell you if you have a config in ParameterStore that you aren't using anymore.

Simplify your development workflow.

Easily integrate your CICD process with Figgy.

Break the build and prevent misconfigurations from making their way to production.

Give developers confidence their code will bootstrap properly if Figgy gives the thumbs-up.

Cultivate config clarity.

Following Figgy best-practices means you'll quickly know what configurations your app is using at any point-in-time.

Detect and clean-up unused configurations with the prune command.

Let your code inform your configuration.

Figgy shared libraries can auto-generate your configuration tree from your application code.


SSO Integrations with Google Admin Console, OKTA, and AWS

MFA support for all SSO Types.

Abandon long-lived access keys

Figgy only uses temporary AWS sessions and can help you abandon long-lived credentials by adopting Single Sign-On.

Easy to manage role-based access control (RBAC).

Easily assign different user types access to different sections of your ParameterStore tree.

Figgy will help you write concise least-privilege IAM policies.

Securely share secrets between config trees.
Provision and allocate access to as many KMS encryption keys as you want. Figgy will hide the complexity and simplify secret encryption.
Get more visibility into your configuration stack. Know what's being changed, by who, where, and when.

No 3rd Parties

Figgy is free, open source, and installs directly in your environment.
No SaaS or 3rd parties here, just a serverless application deployed directly in your AWS account.
Figgy is flexible. Customize your deployment to meet your organization's unique needs.

The Figgy Lockbox

Figgy only generates temporary sessions to AWS, encrypts them, and stores them in a local "Figgy Lockbox"
These temporary credentials can be used for local development by decrypting & pulling them from the "Figgy Lockbox"


Get automated Slack notifications when secrets are changed or updated, and know who made them.
SSO Integrations with Google, OKTA, and AWS.
More to come!