What is Expanso and how does it work?

Expanso is a managed platform for deploying intelligent data pipelines at the edge. It processes data where it's generated - reducing bandwidth, latency, and costs. You deploy lightweight agents on your infrastructure, build pipelines using our visual builder or YAML, and control everything from a central SaaS platform.

Can I run AI/ML models directly in my data pipelines?

Yes! Expanso supports running ONNX, TensorFlow Lite, and other models as native pipeline steps. Execute low-latency inference on streaming data, enrich events with model outputs (like risk scores), and make decisions at the edge without cloud round-trips.

How many pre-built components are available?

Expanso provides 200+ pre-built components including inputs (Kafka, HTTP, files), processors (transformations, filtering, PII masking, aggregations), and outputs (S3, Snowflake, Datadog, Splunk). Browse the complete catalog in our Component Reference.

Do I need to write code to build pipelines?

No - use our drag-and-drop visual pipeline builder to create sophisticated pipelines without code. For advanced use cases, you can also write pipelines in YAML or use the Bloblang transformation language for complex data mappings.

How does Expanso help with data governance and compliance?

Expanso includes built-in governance features: automatic PII detection and masking, policy enforcement at the edge, RBAC, SSO integration, and comprehensive audit trails. Mask sensitive data before it ever leaves your network.

types.SecretAuthConfig

access_key_idstring

AccessKeyID is a static AWS access key ID.

client_idstring

ClientID is the Azure AD application (client) ID.

client_secret_envstring

ClientSecretEnv is the environment variable containing the Azure client secret.

impersonate_service_accountstring

ImpersonateServiceAccount is the target service account to impersonate.

jwtstring

JWT is the JWT token value.

jwt_envstring

JWTEnv is the environment variable containing the JWT token.

jwt_filestring

JWTFile is the path to a file containing the JWT token.

managed_identity_client_idstring

ManagedIdentityClientID is the client ID for a user-assigned managed identity.

methodstring

Method is the authentication method.

mount_pathstring

MountPath overrides the default auth mount path in Vault (e.g. "auth/approle").

pathstring

Path is the path to a credential file for file-based auth.

rolestring

Role is the backend role name (Vault role, AWS role, etc.) bound to the identity.

role_idstring

RoleID is the AppRole role ID value.

role_id_envstring

RoleIDEnv is the environment variable containing the AppRole role ID.

role_id_filestring

RoleIDFile is the path to a file containing the AppRole role ID.

secret_access_keystring

SecretAccessKey is a static AWS secret access key.

secret_idstring

SecretID is the AppRole secret ID value.

secret_id_envstring

SecretIDEnv is the environment variable containing the AppRole secret ID.

secret_id_filestring

SecretIDFile is the path to a file containing the AppRole secret ID.

service_account_key_filestring

ServiceAccountKeyFile is the path to a GCP service account key JSON file.

tenant_idstring

TenantID is the Azure AD tenant ID.

tokenstring

Token is a static Vault token value.

token_envstring

TokenEnv is the environment variable containing a static Vault token.

token_filestring

TokenFile is the path to the projected service account token. Default: /var/run/secrets/kubernetes.io/serviceaccount/token

types.SecretAuthConfig
{
  "access_key_id": "string",
  "client_id": "string",
  "client_secret_env": "string",
  "impersonate_service_account": "string",
  "jwt": "string",
  "jwt_env": "string",
  "jwt_file": "string",
  "managed_identity_client_id": "string",
  "method": "string",
  "mount_path": "string",
  "path": "string",
  "role": "string",
  "role_id": "string",
  "role_id_env": "string",
  "role_id_file": "string",
  "secret_access_key": "string",
  "secret_id": "string",
  "secret_id_env": "string",
  "secret_id_file": "string",
  "service_account_key_file": "string",
  "tenant_id": "string",
  "token": "string",
  "token_env": "string",
  "token_file": "string"
}