Built read-only from day one

Security scanning shouldn't introduce risk. Graymole only ever looks. Here's exactly how your access and data are protected.

Read-only, always

On AWS, a cross-account IAM role with only AWS-managed read-only policies (SecurityAudit + ViewOnlyAccess). On GCP, a service account with roles/viewer. On Azure, a service principal with the built-in Reader role. Because each of these grants only read and list permissions, Graymole cannot modify your infrastructure.

You hold the keys

AWS cross-account roles use a unique ExternalId and trust only our scanner principal. Revoke access any time by deleting one role, service account, or app registration. We never ask for console or root credentials.

Encrypted at rest

Stored credentials (AWS access keys, GCP service-account keys, Azure client secrets) are envelope-encrypted before they ever touch the database and are never returned by any API.

Tenant isolation

Every account, scan, and finding is scoped to your tenant. Data is partitioned and access-checked on every request.

Traceable findings

Each finding links to the exact raw API response behind it, and that evidence is retained for every finding, so your team can verify each recommendation independently.

No telemetry, no surprise actions

Graymole never auto-remediates and sends no telemetry. It shows you the fix command; you decide whether and when to run it.

# The only permissions graymole ever uses

# AWS: cross-account role
ManagedPolicyArns:
  - arn:aws:iam::aws:policy/SecurityAudit
  - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

# GCP: service account
roles/viewer

# Azure: service principal
Reader  (built-in role)
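The AWS role described under "You hold the keys" and the permissions list above can be checked from your side before you hand the role ARN to any scanner. The following is an added example, not Graymole's code: it audits an IAM role's trust policy (the standard AssumeRolePolicyDocument JSON) for a single trusted principal plus an sts:ExternalId condition, and confirms the attached managed policies are exactly the two read-only ones listed above. The scanner principal ARN and ExternalId are constructed placeholders; substitute the values you were given.

```python
"""Offline audit of a cross-account read-only scanner role (added example).

Inputs have the same shape as the `aws iam get-role` / `list-attached-role-policies`
output, so the functions can be fed real JSON, but the sample documents below are
constructed for illustration only.
"""
import json

# The only managed policies the page says the role should carry.
ALLOWED_MANAGED_POLICIES = {
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
}

# Constructed placeholders: replace with the real scanner principal and ExternalId.
SCANNER_PRINCIPAL = "arn:aws:iam::111111111111:role/example-scanner"
EXTERNAL_ID = "example-external-id-0000"


def _as_list(value):
    """IAM allows a string or a list in most policy fields; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_trust_policy(doc, expected_principal, expected_external_id):
    """Return a list of problems found in a role trust policy document."""
    problems = []
    for stmt in _as_list(doc.get("Statement")) if not isinstance(doc.get("Statement"), dict) \
            else [doc["Statement"]]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if "sts:AssumeRole" not in actions and "sts:*" not in actions:
            continue  # not an AssumeRole grant, nothing to check here
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if "*" in aws:
            problems.append("trust policy allows any principal to assume the role")
        for p in aws:
            if p != "*" and p != expected_principal:
                problems.append(f"unexpected trusted principal: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext = cond.get("sts:ExternalId")
        if ext is None:
            problems.append("AssumeRole statement has no sts:ExternalId condition")
        elif ext != expected_external_id:
            problems.append(f"ExternalId mismatch: {ext}")
    return problems


def audit_managed_policies(attached_arns):
    """Return attached managed policy ARNs that are outside the read-only baseline."""
    return sorted(set(attached_arns) - ALLOWED_MANAGED_POLICIES)


def audit_role(trust_doc, attached_arns, inline_policy_names=()):
    """Combine the checks; inline policies are flagged because they cannot be
    assumed read-only without inspecting each one."""
    problems = audit_trust_policy(trust_doc, SCANNER_PRINCIPAL, EXTERNAL_ID)
    problems += [f"non-baseline managed policy attached: {a}"
                 for a in audit_managed_policies(attached_arns)]
    problems += [f"inline policy present, review manually: {n}" for n in inline_policy_names]
    return problems


# Constructed sample: the trust policy a read-only scanner role should have.
GOOD_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": SCANNER_PRINCIPAL},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}

# Constructed sample: world-assumable and missing the ExternalId condition.
BAD_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    print(json.dumps(audit_role(GOOD_TRUST, sorted(ALLOWED_MANAGED_POLICIES)), indent=2))
    print(json.dumps(audit_role(BAD_TRUST,
                                ["arn:aws:iam::aws:policy/AdministratorAccess"],
                                ["inline-example"]), indent=2))
```

Feed `audit_role` the `AssumeRolePolicyDocument` from `aws iam get-role` and the ARNs from `aws iam list-attached-role-policies`; an empty result means the role matches the read-only, ExternalId-gated shape the page describes, and any other attached policy or an inline policy is surfaced for review.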