Just-in-Time access

Just-in-Time (JIT) access grants temporary, scoped access to a Safe or resource that expires automatically. JIT is the recommended approach for enforcing least privilege: users do not hold standing access to sensitive resources; they request it when needed.

Why JIT access matters

Standing access (where a user always has access to a resource) increases the blast radius of a compromised account. JIT access limits exposure: if credentials are compromised, the attacker has access only for the time window of the grant.

JIT access also creates a clear audit trail: every grant is logged with the requesting user, approver, duration, and resource.

How to request JIT access (operator)

  1. Go to Safes and find the Safe you need access to.
  2. If you do not see the Safe, it may require a JIT request. Click Request access on the Safe card.
  3. Enter the reason for the request and the duration you need (for example, 2 hours).
  4. Submit the request. If an approval policy is configured, your request goes to the designated approver.
  5. Wait for approval. You will receive a notification when access is granted.
  6. Access the Safe and use the credential or launch the session within the grant window.
  7. Your access expires automatically at the end of the grant duration.

Success state: You can access the Safe and its resources for the duration of the grant. After expiry, your access is removed and the audit log records the grant end.

How to configure JIT policies (admin)

  1. Go to Policies > New policy.
  2. Name the policy and add a description (for example, "JIT access -- Production DB").
  3. Set the Action to Require approval.
  4. Under JIT settings, enable Automatic expiry and set the maximum grant duration.
  5. Assign the policy to the target Safe.
  6. Activate the policy.

Success state: Users without standing membership in the Safe can now request temporary access. Requests appear in the Approvals queue for designated approvers.

Maximum grant duration

You can configure the maximum grant duration per policy. If a user requests a duration longer than the maximum, the request is automatically capped at the configured maximum.

Recommended maximums by use case:

| Use case | Recommended maximum |
| --- | --- |
| Routine ops task | 4 hours |
| Incident response | 8 hours |
| Maintenance window | 12 hours |
| Audit review (read-only) | 24 hours |

Audit trail for JIT grants

Every JIT access event is recorded in the audit log:

  • Access requested -- who requested, which Safe, requested duration, reason
  • Approved or Denied -- who approved/denied and when
  • Access granted -- start time and expiry time
  • Access expired -- system event confirming grant removal

See Audit log for how to search and export these events.
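
The four event types above can be reconciled per grant to confirm that approval, the duration cap, and automatic expiry all held. The following Python check is an added example, not part of the product or its documentation; the field names, event-type strings, and export shape are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample export. Field names and event-type strings are assumptions,
# not the product's real audit-log schema.
SAMPLE_EVENTS = [
    {"grant": "g1", "type": "requested", "user": "alice", "safe": "prod-db"},
    {"grant": "g1", "type": "approved", "user": "bob", "at": "2024-05-01T09:05:00"},
    {"grant": "g1", "type": "granted", "start": "2024-05-01T09:05:00", "expiry": "2024-05-01T11:05:00"},
    {"grant": "g1", "type": "expired", "at": "2024-05-01T11:05:00"},
    # g2: no approval event, window longer than the cap, no expiry event
    {"grant": "g2", "type": "requested", "user": "carol", "safe": "prod-db"},
    {"grant": "g2", "type": "granted", "start": "2024-05-01T10:00:00", "expiry": "2024-05-01T16:00:00"},
    # g3: denied, so no access was granted
    {"grant": "g3", "type": "requested", "user": "dave", "safe": "prod-db"},
    {"grant": "g3", "type": "denied", "user": "bob", "at": "2024-05-01T10:30:00"},
    # g4: approved, exactly at the cap, still active at review time
    {"grant": "g4", "type": "requested", "user": "erin", "safe": "prod-db"},
    {"grant": "g4", "type": "approved", "user": "bob", "at": "2024-05-02T08:00:00"},
    {"grant": "g4", "type": "granted", "start": "2024-05-02T08:00:00", "expiry": "2024-05-02T12:00:00"},
]

def review_grants(events, max_hours, now):
    """Return {grant_id: [findings]} for grants whose audit trail is inconsistent."""
    by_grant = {}
    for e in events:
        by_grant.setdefault(e["grant"], {})[e["type"]] = e
    findings = {}
    for gid, ev in sorted(by_grant.items()):
        granted = ev.get("granted")
        if granted is None:
            continue  # pending or denied request: no access to reconcile
        issues = []
        if "approved" not in ev:
            issues.append("granted without an approval event")
        start = datetime.fromisoformat(granted["start"])
        expiry = datetime.fromisoformat(granted["expiry"])
        if expiry - start > timedelta(hours=max_hours):
            issues.append("grant window exceeds policy maximum")
        if now > expiry and "expired" not in ev:
            issues.append("no expiry event after grant end")
        if issues:
            findings[gid] = issues
    return findings

if __name__ == "__main__":
    for gid, issues in review_grants(SAMPLE_EVENTS, 4, datetime(2024, 5, 2, 9, 0)).items():
        print(gid, issues)
```

Set `max_hours` to the maximum grant duration configured on the policy assigned to the Safe being reviewed.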