
Web Terminal

Just-in-time, recorded terminal access to your clusters

Reach a pod or cluster from the browser through a just-in-time grant that expires on its own. Policy as code decides who can open a session and where, every session is recorded as a tamper-evident replay, and idle or expired sessions are torn down automatically.

  • No standing credentials to rotate, share, or audit manually
  • A reviewable, tamper-evident recording behind every terminal session
  • The same access policy applied consistently across every cluster target

The problem

When an engineer needs to reach a pod in production, the path is usually a shared credential, a long-lived config file, or a VPN hop with no record of what happened. Standing access that never expires makes every session a potential exposure, and when something goes wrong there is no replay to show who ran what or when.

Without IntegraCI

  • Standing credentials that never expire and require manual cleanup
  • No record of what ran during a cluster session
  • Access rules that live in documents and in memory
  • Someone has to manually revoke access when a session is done

With IntegraCI

  • Access granted on request and closed automatically when the TTL runs out
  • Every session recorded as a reviewable, tamper-evident replay
  • Policy as code decides who can reach which target before any session opens
  • Idle, expired, and revoked sessions torn down automatically across replicas

What you get

Just-in-time grants

Access is granted on request and expires on a TTL, with no standing shells.

Policy-gated

Policy as code decides who can open a session and against which target.

Recorded sessions

Each session is recorded as a replay so what happened is reviewable later.

Automatic teardown

Idle, expired, or revoked sessions are closed automatically across replicas.

How it works

  1. Request access

    You request a session for a target; policy decides and a grant is issued.

  2. Work in the browser

    You get a terminal in the portal, scoped to the grant and recorded.

  3. Auto-revoke

    The session ends on its TTL or when idle, and the recording is kept.

How it stays governed

The same gates everyone passes, applied here.

Gated by policy

Policy as code governs every access request before a session opens, deciding who can reach which cluster or pod and under what conditions. No terminal session starts without passing that check, and the same rules apply across every registered target.

Recorded, tamper-evident

Each session is recorded as a tamper-evident replay that persists after the session ends. You can show exactly what ran, who ran it, and when, rather than relying on logs that may be incomplete or altered.

A human in the loop

When a request requires a person to sign off before a session is opened, the grant waits for that approval rather than opening the terminal immediately.

Works with your stack

Connect the tools you already run.

Governs access to your existing clusters and pods; IntegraCI adds the policy layer and session recording without replacing your runtime.

  • Apple
  • Argo Project
  • AWS
  • Cloudflare
  • CNCF
  • Coder
  • Crunchy Data
  • Daytona
  • Env0
  • Google
  • Keycloak
  • MongoDB
  • Okta
  • OutSystems
  • Pulumi
  • Rancher
  • Red Hat
  • Sonatype

Who it’s for

Where teams reach for it.

Production incident response with a full record

When something breaks in production, engineers open a session through the portal instead of reaching for a shared credential. Policy decides who can connect, the session is recorded from start to finish, and the replay stays on hand for the post-incident review.

Cluster access in regulated environments

Compliance reviews require evidence of who accessed which system and what they did. Just-in-time grants that expire on a TTL replace standing credentials, and the session recording gives auditors a reviewable trace without any extra tooling.

Scoped access during onboarding

New team members need occasional cluster access but should not hold persistent credentials. Policy as code scopes each session to the right targets, and automatic teardown means no cleanup step is forgotten when the work is done.

Questions, answered.

Does IntegraCI replace my existing kubectl or cluster tooling?

No. IntegraCI provides a governed access path through the browser. Your existing cluster runtime keeps running. IntegraCI sits in front of the access request, evaluates it against policy, and records the session without replacing what is underneath.

Who decides which teams can reach which clusters?

Rules are written as policy as code by whoever administers your platform. Engineers do not set their own access scope. Each request is evaluated against those rules before a grant is issued, and the policy applies consistently across every registered target.

What happens to the session recording after the session ends?

The recording is kept as a tamper-evident replay that persists independently of the session. You can review it later to see exactly what ran, when, and under which grant. It is not editable after it is written.

What closes the session if someone walks away?

Sessions are torn down automatically when the TTL expires or when the session goes idle, across all replicas. There is no manual cleanup step and no standing shell left open after the grant period ends.
