SlateBeaver
Aegis · Credential management

Credential management built around the principle of least privilege.

Aegis stores credentials encrypted, grants access explicitly per credential rather than per project, and logs every access event in a tamper-evident audit trail.

Storage

Encrypted at rest, separated by environment.

  • AES-256-GCM encryption with a unique data encryption key per credential
  • Credentials live in environment-scoped stores: production, staging, dev
  • Import from .env files or add via CLI - no manual re-entry required
  • Key names and metadata are separate from key values in the data model

Access

Per-credential grants, not project membership.

  • Being added to a project does not grant any credential access
  • Every access grant is explicit, recorded, and can be time-bounded
  • 9-role RBAC matrix controls who can reveal, edit, rotate, or grant access
  • Just-in-time access grants with automatic expiry (1h, 4h, 24h, 7d)

Audit

Every event on the record, forever.

  • Append-only audit log - no user can modify or delete entries
  • Reveal events capture: actor, timestamp, IP, environment, linked sprint ticket
  • Export to CSV or forward to SIEM systems (Splunk, Datadog, Elastic)
  • Filter by actor, credential, environment, or date range

Lifecycle

Rotation, JIT access, and drift detection.

  • Rotation tracking with age warnings at configurable thresholds
  • Drift detection flags when a local file diverges from the stored credential
  • Break-glass access for emergency credential reveal with post-event notification
  • SCIM deprovisioning triggers automatic access removal on offboarding

When you need this

Signs your credential approach needs structure.

  • You can't answer who last accessed a production API key
  • Credentials are shared through Slack, email, or group .env files
  • Offboarding an engineer requires a manual sweep across multiple tools
  • A SOC 2 auditor has asked for an access evidence report
  • A key was rotated but some services weren't updated - and you found out in production
  • Your team manages credentials for 3+ environments with different sensitivity levels

Ready to try it?

We're onboarding in batches. Join the waitlist and we'll be in touch.
