Tenant isolation
For cost and operational efficiency reasons, SaaS products are often built as multi-tenant systems. In such a system you can run a single Vault and store your tenant id with every record it holds. The risk is that data may leak between tenants as a result of a software defect or misconfiguration, for example a query that forgets to filter on the tenant id.
The Vault includes a feature that helps you enforce tenant isolation. This safety mechanism is most effective when you can identify the tenant id of a request at the beginning of its processing and have good reason to trust it. Often the id is derived from a third-party authentication system that is trusted independently, for example as a claim in a verified token, rather than taken from client-controlled input. We recommend passing that tenant id to the Vault, which will lock the request to that specific tenant.
For example, assume a system with multiple tenants, each of which has many Person records in the Vault. Each tenant has a unique id, which is stored with every add object request. Then a request arrives from tenant T to retrieve the details of person P. By passing X-Tenant-Id: T in the header of the request, as explained in the API documentation, the Vault enforces that person P is a member of tenant T. In case of a violation, i.e. person P does not belong to tenant T, the request is dropped to avoid any data leakage and the details are logged. With the logs you can identify and fix tenant isolation issues in the calling application.