For DevOps & SRE

Break-glass for the moments your primary stack can't reach.

Independent multi-cloud. Quorum-protected team secrets. Audit log per access. SSO-independent auth. Designed for the day your vault, IdP, or on-call rotation is part of the outage.

10 outage / recovery scenarios mapped
2+1 independent compute clouds (Fly.io planned)
0 shared SPOFs with your primary stack
T-of-N quorum protection on team secrets

The problem

Your vault is down. Your SSO is unreachable. Your on-call paged out through a service that is itself degraded. Infrastructure secrets, root credentials, and recovery procedures are scattered across tools that may themselves be part of the outage — and the recovery instructions for those tools are in those tools. When everything depends on something that depends on everything, you need a backup that is truly independent.

What Glassbreak gives you, by scenario

Each card pairs a real-world failure mode with the concrete mechanism Glassbreak offers for it. Grouped by the kind of pressure you are under when you reach for it.

When the primary stack is the outage (3 scenarios)

HashiCorp Vault / Secrets Manager unreachable

The pressure

Your primary secret store is down (or its dependencies are: Consul, KMS, an IAM regional issue). The recovery credentials live in the very system that is down.

What Glassbreak does

Glassbreak holds a separate, encrypted, quorum-protected copy of the root-tier credentials needed to recover. AES-256 on-device + RSA-4096 + ML-KEM-1024 hybrid wrap; no Glassbreak operator can read them.

Cloud region or provider degraded

The pressure

Your primary cloud is partially down (us-east-1 having a bad day, control plane unreachable but data plane up). Your runbook is in a wiki on the same cloud.

What Glassbreak does

Independent multi-cloud architecture (AWS + Scaleway live, Fly.io planned). Each vertical has its own database. A regional or whole-provider outage does not take down Glassbreak.

Primary on-call unreachable

The pressure

PagerDuty paged the on-call, no response. Backup on-call is on holiday. Tertiary list lives in a Notion page nobody bookmarked.

What Glassbreak does

Escalation chains live in Glassbreak and trigger automatically when the primary acknowledgement window expires. SMS + email + push in parallel. Every page logged with delivery receipt.

When auth is unreachable (2 scenarios)

SSO / IdP outage

The pressure

Okta / Entra ID is degraded, no one can log into the prod-admin tools. Your "break-glass" account creds are in 1Password, which authenticates through the same IdP.

What Glassbreak does

Glassbreak has independent authentication: argon2id passwords + TOTP / WebAuthn / recovery codes. No federated IdP dependency. Designed for the day the IdP is the problem.

On-call lost their phone / hardware key

The pressure

Lost device, no second factor. Reissuing tokens through normal channels takes hours. You need a one-shot access path right now.

What Glassbreak does

Per-team quorum-based recovery flow: T-of-N approvers re-enrol the lost factor via the Shamir-split recovery key. Every step logged.

When audit comes asking (2 scenarios)

Auditor wants a defensible access log

The pressure

"Show me every time anyone touched the production database root user in the last 12 months, with timestamps, requester, approver, business reason." The wiki is not enough.

What Glassbreak does

Per-secret immutable access log. Each access carries: requester, approvers (T of N), reason, timestamp, IP / device. Exportable CSV / JSON for the auditor.

Post-incident forensics

The pressure

Something broke. Was a credential used outside its approved window? Did anyone touch the cert authority? You need an answer in minutes.

What Glassbreak does

Cryptographic-integrity audit log. Every approval, grant, decryption-request gets a tamper-evident record. Time-bounded queries surface anything out-of-window.

When a customer demands quorum control (3 scenarios)

Customer demands T-of-N approval on their prod creds

The pressure

Enterprise customer wants their hosted prod-admin secrets accessible only via multi-party approval. No single engineer (yours or theirs) can pull the key alone.

What Glassbreak does

Shamir Secret Sharing over GF(2^8), with a database CHECK constraint enforcing team mode (T ≥ 2, N ≥ T). Approvers decrypt their share locally; the platform never holds a usable key.

EU customer demands EU-only data residency

The pressure

Customer is subject to GDPR + Schrems II concerns. They will not store their break-glass secrets anywhere that touches US infrastructure.

What Glassbreak does

glassbreak.cloud vertical is end-to-end EU-pure (registrar in EU, DNS in EU, compute in fr-par, DB in fr-par, CDN bypassed). The customer can route exclusively through it.

Integration with existing IR / SIEM workflow

The pressure

Security team wants every Glassbreak access event to flow to their SIEM. Compliance wants periodic export. Engineering wants webhook hooks.

What Glassbreak does

Audit log is API-readable. Webhook-on-approval is on the Premium roadmap. SAML / SSO integration is on Premium. Bring-your-own logging endpoint via the export API.

Why the architecture matters

Anything you bolt on top of your existing stack inherits that stack's failure modes. Glassbreak runs separately on purpose.

Independent of YOUR stack

Glassbreak does not run on your cloud, does not share your DNS provider, does not authenticate through your IdP. By construction, your outage is not Glassbreak's outage.

Zero-knowledge by design

AES-256 + RSA-4096 + ML-KEM-1024 hybrid encryption on-device. Glassbreak operators cannot read your secrets even with full database access on every vertical.

Quorum-protected team secrets

T-of-N Shamir split, with a database CHECK constraint enforcing T ≥ 2. No server-held extra share, no escrow, no per-secret service key. Below the threshold, the shares carry zero information about the secret.

Audit log per access, not per session

Every credential read produces its own log row with requester, approvers, reason, time. SOC 2 CC6, ISO 27001 A.5.15, NIST CSF Govern + Protect all read cleanly off it.

Multi-cloud, sticky-cookie routed

api.glassbreak.io rides AWS Lambda + Scaleway Functions; failover is transparent. Sticky cookie pins each session to one vertical for read-your-writes consistency.

No vendor lock to one cloud

Each vertical owns its own database (Neon on AWS, Scaleway SDB on Scaleway). If one provider degrades or you part ways with them, the other vertical keeps you running.

Run it as part of your DR plan

Free tier: one team, five members. Enough to validate the recovery flow against a real production credential before the next BCP audit.

Glassbreak is a break-glass platform, not a replacement for your primary secrets store. Run both — Glassbreak as the layer that survives the day your primary cannot reach itself.