Components
System Components
Detailed breakdown of each component in the SSH-KLM architecture.
API Server
The API server handles all client requests and orchestrates operations.
Responsibilities
- REST API endpoints
- WebSocket connections for real-time updates
- Authentication and authorization
- Request validation
- Rate limiting
Configuration
```yaml
api:
  port: 8081
  workers: 4
  timeout: 30s
  cors:
    origins: ["https://app.example.com"]
```
Worker Nodes
Background workers process asynchronous tasks.
Worker Types
| Worker | Purpose | Concurrency |
|---|---|---|
| Discovery | Scan hosts for SSH keys | 10 parallel |
| Rotation | Execute key rotations | 5 parallel |
| Notification | Send alerts/emails | 20 parallel |
| Cleanup | Archive old data | 1 |
Job Queue
```jsonc
// Example job structure
{
  "id": "job-12345",
  "type": "rotation",
  "payload": {
    "keyId": "KEY-abc",
    "algorithm": "ed25519"
  },
  "priority": "high",
  "retries": 3
}
```
Database (PostgreSQL)
Primary data store for all persistent data.
Schema Overview
| Table | Purpose |
|---|---|
| hosts | Target server inventory |
| ssh_keys | Discovered key metadata |
| rotations | Rotation job history |
| policies | Rotation/access policies |
| audit_logs | All operations logged |
Cache (Redis)
High-performance caching and job queue.
- Session storage
- API response caching
- Job queue (Bull/BullMQ)
- Rate limit counters
- Real-time pub/sub
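The job queue listed above is held in Redis, so a worker can check each dequeued job against a strict schema before acting on it. This added example (not SSH-KLM's own code) validates the job structure shown in the Job Queue section; the priority values, algorithm allow-list, retry cap and ID patterns are assumptions.

```javascript
// Added example, not SSH-KLM code. Job types come from the Worker Types table;
// every other limit below is an assumption chosen for illustration.
const JOB_TYPES = new Set(["discovery", "rotation", "notification", "cleanup"]);
const PRIORITIES = new Set(["low", "normal", "high"]); // assumed values
const ROTATION_ALGORITHMS = new Set(["ed25519"]); // assumed allow-list
const MAX_RETRIES = 5; // assumed cap
const ID_RE = /^job-[0-9]{1,12}$/; // assumed from "job-12345"
const KEY_ID_RE = /^KEY-[A-Za-z0-9]{1,64}$/; // assumed from "KEY-abc"

const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
// Own keys outside the expected set, so extra fields never reach a handler.
const unknownKeys = (obj, allowed) => Object.keys(obj).filter((k) => !allowed.includes(k));

// Returns { ok: true, job } (a fresh copy) or { ok: false, errors: [...] }.
function validateJob(raw) {
  let job;
  try {
    job = typeof raw === "string" ? JSON.parse(raw) : raw;
  } catch (err) {
    return { ok: false, errors: ["not valid JSON"] };
  }
  if (!isPlainObject(job)) return { ok: false, errors: ["job must be an object"] };

  const errors = [];
  for (const k of unknownKeys(job, ["id", "type", "payload", "priority", "retries"]))
    errors.push(`unexpected field: ${k}`);
  if (typeof job.id !== "string" || !ID_RE.test(job.id)) errors.push("bad id");
  if (!JOB_TYPES.has(job.type)) errors.push("unknown job type");
  if (!PRIORITIES.has(job.priority)) errors.push("unknown priority");
  if (!Number.isInteger(job.retries) || job.retries < 0 || job.retries > MAX_RETRIES)
    errors.push("retries out of range");
  if (!isPlainObject(job.payload)) {
    errors.push("payload must be an object");
  } else if (job.type === "rotation") {
    // The page only shows a rotation payload, so only that shape is checked.
    for (const k of unknownKeys(job.payload, ["keyId", "algorithm"]))
      errors.push(`unexpected payload field: ${k}`);
    if (typeof job.payload.keyId !== "string" || !KEY_ID_RE.test(job.payload.keyId))
      errors.push("bad keyId");
    if (!ROTATION_ALGORITHMS.has(job.payload.algorithm)) errors.push("algorithm not allowed");
  }
  if (errors.length) return { ok: false, errors };
  return { ok: true, job: JSON.parse(JSON.stringify(job)) };
}

// The job from the Job Queue section above, serialized as it would sit in the queue.
const PAGE_JOB = '{"id":"job-12345","type":"rotation","payload":{"keyId":"KEY-abc","algorithm":"ed25519"},"priority":"high","retries":3}';
console.log(validateJob(PAGE_JOB));
```

A worker that rejects a job this way should log the errors and drop or dead-letter the job rather than retry it.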
SSH-KLM Agent
Lightweight daemon on target hosts.
Features
- Local key discovery
- Key rotation execution
- Real-time file monitoring
- Secure communication
Resource Usage
| Resource | Typical Usage |
|---|---|
| Memory | 50-100 MB |
| CPU | < 1% idle |
| Disk | 10 MB |