| Developers: | Flant |
| Last Release Date: | 2025/07/08 |
| Technology: | Information Security - Authentication |
Content |
2025
Multifactor Compatibility
On July 24, 2025, MULTIFACTOR and Flant announced the completion of all stages of compatibility testing of their solutions - the MULTIFACTOR two-factor authentication system and Deckhouse Stronghold. The tests confirmed the reliability and correctness of the products.
As part of the technological integration, a compatibility certificate has been issued.
For MULTIFACTOR users, the ability to integrate with Deckhouse Stronghold expands the list of protected resources by adding a domestic secret store to the list of supported solutions. In turn, Deckhouse Stronghold supports MULTIFACTOR connectivity as an additional two-factor authentication module. This allows customers to strengthen the security of existing processes without having to replace the current infrastructure.
 | The compatibility of the two-factor authentication system MULTIFACTOR and Deckhouse Stronghold helps to improve data protection, ensures compliance with cybersecurity laws and creates a reliable working environment for any IT solutions, - said Roman Bashkatov, Commercial Director of MULTIFACTOR. |  |
| | Deckhouse Stronghold's integration with MULTIFACTOR complements existing security mechanisms and creates an additional barrier to protecting critical secret operations. In addition, this gives our customers even more flexibility in building complex information security systems due to the support of the two-factor authentication system located in the register of Russian software, - said Konstantin Aksenov, Director of the Deckhouse Development Department of Flant. | |
Deckhouse Stronghold Community Edition for Secret Management
Flant has released the Deckhouse Stronghold Community Edition, a free version of the secure corporate secret management solution. This is a full-fledged Russian alternative to HashiCorp Vault Community Edition. The company announced this on July 8, 2025.
Deckhouse Stronghold Community Edition provides basic features for secure secret lifecycle management available in HashiCorp Vault Community Edition: Storage, Creation, Delivery, Recall, and Rotation. Popular authentication methods are supported (JWT, OIDC, Kubernetes, LDAP, Token) and Secret Engines (KV, Kubernetes, Database, SSH, PKI, etc.). The solution works with Russian operating systems (Red OS, ROSA Server, ALT Linux, Astra Linux Special Edition) and can be deployed in closed loops, integrates with Infrastructure as Code tools such as Ansible and Terraform, which makes it easy to implement it into existing DevOps processes. A convenient web interface is also available.
Enterprise-level functionality such as role management (AppRole, OIDC/JWT Role) via the web interface, namespace support, data replication, automatic API backups, and audit-logging remain available only in commercial product editions. This approach enables organizations to get started with basic functionality and scale the solution as needs grow.
| | With the release of Deckhouse Stronghold Community Edition, we offer the engineering community an affordable and state-of-the-art solution for secure secret management. This is a full-fledged tool developed in Russia that fully meets the requirements for domestic software and is already included in the register of the Ministry of Ministry of Digital Development. We give engineers a convenient tool and pave the way for feedback, joint development of functionality, as well as honest product support from the Deckhouse team, "said Vladimir Devyataykin, product manager at Deckhouse Stronghold. | |
Deckhouse Stronghold Community Edition is available exclusively as part of Deckhouse Kubernetes Platform in both free and commercial editions. In the future, the vendor plans to develop the functionality of Deckhouse Stronghold Community Edition, as well as open the source code of the product.
HashiCorp Vault Enterprise Feature Set
Deckhouse's Deckhouse solution Flant to securely manage Deckhouse Stronghold's corporate secrets - now offers the full range of HashiCorp Vault Enterprise-level features you need. The product provides the ability to create namespaces, automatic backup on schedule and replication. data Flant announced this on May 26, 2025.
After HashiCorp left the Russian market, many organizations faced a choice: use the limited functionality of the community version of Vault or look for a full-fledged replacement. Most domestic solutions still do not go beyond the basic capabilities, while Deckhouse Stronghold in 2025 implemented the key functionality available in HashiCorp Vault Enterprise.
Namespaces have appeared in the product with support for nesting and hierarchies, fully compatible with Vault Enterprise in API terms of access control logic. Added scheduled automation backup data with the ability to save files to and S3-compatible storage. KV1/KV2 storage replication has been implemented on the master-slave architecture, which is critical for reliable operation in geodistributed environments.
For customers, the compliance of Deckhouse Stronghold and Vault Enterprise with a set of required features means that the solution is ready for full use in critical and highly regulated IT environments. The product allows you to centralize secret management and simplify administration even in a large infrastructure, ensuring stability and control over critical processes. Due to compatibility with the Vault Enterprise API, companies can switch to a domestic solution without significant time and resources, while maintaining the usual access and security processes. This reduces risks and makes the transition from foreign software as smooth as possible.
| | We strive for Deckhouse Stronghold to become a full and reliable replacement for Vault Enterprise in Russian realities. And we can confidently say: we have achieved this goal. The product fully implements the required functionality and develops with a focus on the requirements of the local market. This is a solution for those who are not ready for compromises in security, control and flexibility, "said Maxim Kiselev, head of development at Deckhouse Stronghold. | |
In 2025, the company plans to complete the certification procedure for Deckhouse Stronghold for compliance with the requirements of technical specifications and order of the FSTEC of Russia dated June 2, 2020 No. 76 on level 4 of trust. This allows you to use the solution in loops with increased security requirements. In addition, the product has already become part of the new version of Deckhouse Kubernetes Platform certified by the FSTEC of Russia as a functional module that implements the basic functions of the secret store. Also in development is support for cryptographic algorithms GOST 34.12-2018 and the implementation of replicas for performance and disaster recovery.
2024: Inclusion in the register of Russian software
The Deckhouse Stronghold secure storage and secret management solution from Flant is included in the register of Russian software. The developer announced this on May 15, 2024. The product is assembled, supplied and fully works on Russian operational systems. It is fully compatible with the Vault API from HashiCorp and has an interface in Russian.
Deckhouse Stronghold can be used in all environments, clouds and closed circuits with increased security requirements. The solution allows you to separate access rights for managing storage and obtaining application secrets - which minimizes data leakage risks and provides maximum access control.
The solution is part of the Deckhouse ecosystem and is deeply integrated with all of its products. In addition, Stronghold is compatible with a large range of existing solutions on the market, including for secure delivery of secrets to databases, CI/CDs and for authentication from external identification sources (for example, AD, OIDC, LDAP, SAML).
| | The inclusion of Deckhouse Stronghold in the register is a natural event for us. The solution is based on a mature product that has existed since 2015. The Stronghold code is stored and developed in Russia, and is also constantly tested for vulnerabilities. All documentation and interface are written in Russian, which makes working with the product more convenient and easier. Technical support from experts is also provided, "said Konstantin Aksyonov, director of the Deckhouse development department at Flant. - We continue to actively work on the technological development of the product. In the process of implementation - isolated environments and multi-tenancy, which will allow you to divide the storage of secrets between individual departments or teams. | |
At the end of 2024 algorithm enciphering , GOST will be implemented at Deckhouse Stronghold. Also in the first quarter of 2025, the solution developer will begin implementing support for HSM (Hardware Security Modules) - hardware and software cryptographic modules for systems with increased security requirements.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |