Always-on, DevOps, ephemeral systems, containers, docker and at-scale systems drive a new and unique challenge to configuration management. Reflex is the answer.

Reflex is a firewall for your configurations, supporting ABAC, and able to meet regulatory compliance such as PCI. It helps if you run services for SaaS and multi-tenancy, as well as single scale apps and Functions as a Service.


Conventional configuration management systems focus on servers, and pivot around static assets; and conventional secrets system (Vault, Kubernetes, Docker) are simple key/value setups with basic RBAC access control. The former systems struggle with continuous software delivery, and all struggle with safe management of secrets, and Infrastructure as Code.

Reflex centers itself around the concept of services instead of servers, dynamic configuration with inheritance for the broad management needs that still exist in doing microservices, and live configuration states delivered at run-time in an ephemeral and continuously delivered pipelines, not just one service (so across a DEV, Test, Stage and Prod pipeline).

It is designed with modern ABAC security concepts to address secrets in the emerging "Internet of Things" world, and is meant to support secure run-time delivery of services, enhancing the solutions you already may have in place today to improve your options beyond what is possible with your current tools.

Reflex may not be for you if you are only interested in a handful of containers in a single environment (no pipelines for software delivery), or if you are running stock "IT" containers. If any of this is true for you, Reflex may be of value:

  • You are wrestling with managing the sprawl of microservices
  • You are wrestling with figuring out how to connect pipelines to production, and coherency around delivery of secrets and configurations across the pipelines
  • The rabbit-breeding key-value secrets in vault/etcd are getting you down
  • You are storing your secrets as plain environment variables (yikes)
  • You want to meet compliance/regulatory requirements which typically struggle in a DevOps/CI/CD World (i.e. PCI Compliance)
  • You want to more easily manage secrets, securely and robustly, in your FaaS space.

Reflex is Open Source Software, built by a community, with several sites in full production use.