CertLocker gives DevOps, SRE, and security teams one governed place to issue and deliver certificates, store operational secrets, grant just-in-time SSH, verify live endpoints, and prove who accessed what.
What changed
The real infrastructure trust problem is fragmented control: certs in one tool, SSH keys on laptops, secrets in scattered stores, cloud hosts imported by hand, and audit evidence stitched together after the fact.
Inventory is not enough. CertLocker checks what endpoints actually serve, which tokens exist, and which hosts are in scope.
Machines, users, and sessions should only get the certificate, secret, or host access they need.
CertLocker is not a nicer expiry dashboard. It is the operational layer for trust workflows across infrastructure.
Every certificate, secret, token, bastion, and access event belongs in one reviewable trail.
Control plane
Start with certificates. Extend the same scoped-token, RBAC, and audit model to secrets and just-in-time host access.
Issue, renew, rotate, deliver, and verify TLS certificates across HAProxy, Nginx, IIS, OpenVPN, MT4/MT5, internal services, and ACME clients.
Keep PEM material, credentials, configs, service secrets, and private operational values under the same control model as certificates.
Replace long-lived shared SSH keys with token-scoped access to hosts and environments, including browser terminal access when the operator path needs to be fast.
How CertLocker works
CertLocker gives teams a practical trust operating model without forcing every server, load balancer, or admin workflow into a new custom agent.
View All FeaturesCertificates, hosts, secrets, tokens, channels, and teams live in one governed product surface.
Machine tokens, ACME clients, and SSH sessions get narrow permissions that can be rotated or revoked.
Servers keep using familiar ACME and SSH paths while CertLocker records delivery, endpoint checks, and access events.
Audit evidence
When something changes, CertLocker records the event close to the workflow: certificate issuance, token updates, ACME activity, secret access, host import, bastion access, and endpoint verification.
Review user, token, role, and group activity from one place.
Probe production endpoints and compare live TLS against intended state.
Trace certificate, secret, token, and host workflow changes over time.
Remove token or session access without chasing keys across machines.
Where it fits
CertLocker is built around infrastructure buyers who need reliability, access control, and evidence before compliance or outages force the issue.
Stop spreading trust work across shell scripts, spreadsheets, cloud consoles, and chat messages.
Read use case →Run certificate and access workflows for trading systems, portals, and regulated infrastructure with clear evidence.
Read use case →Give operators fast access without leaving long-lived keys scattered across laptops and servers.
Read use case →Join early access and help shape the control plane for certificates, secrets, and just-in-time host access.