# Architecture Overview

SSH-KLM is built on a modern, scalable architecture designed for enterprise SSH key management.
## Design Principles

| Principle | Description |
|---|---|
| Security First | Zero-trust architecture, encryption at rest and in transit |
| Scalability | Horizontal scaling for thousands of hosts |
| High Availability | No single point of failure |
| Extensibility | Plugin architecture for integrations |
## High-Level Architecture

```text
┌─────────────────────────────────────────────────────────────┐
│                        CLIENT LAYER                         │
│   Web UI  │  CLI  │  SDK (Node/Python/Go)  │  REST API      │
└─────────────────────────┬───────────────────────────────────┘
                          │ HTTPS/WSS
┌─────────────────────────▼───────────────────────────────────┐
│                         API GATEWAY                         │
│   Load Balancer  │  Rate Limiting  │  Authentication  │  TLS│
└─────────────────────────┬───────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                      APPLICATION LAYER                      │
│   ┌─────────────┐  ┌─────────────┐  ┌─────────────┐         │
│   │ API Server  │  │ API Server  │  │ API Server  │         │
│   │  (Node 1)   │  │  (Node 2)   │  │  (Node N)   │         │
│   └─────────────┘  └─────────────┘  └─────────────┘         │
└─────────────────────────┬───────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                        WORKER LAYER                         │
│   ┌─────────────┐  ┌─────────────┐  ┌─────────────┐         │
│   │  Discovery  │  │  Rotation   │  │ Notification│         │
│   │   Workers   │  │   Workers   │  │   Workers   │         │
│   └─────────────┘  └─────────────┘  └─────────────┘         │
└─────────────────────────┬───────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                         DATA LAYER                          │
│   ┌─────────────┐  ┌─────────────┐  ┌─────────────┐         │
│   │ PostgreSQL  │  │    Redis    │  │   S3/Blob   │         │
│   │  (Primary)  │  │   (Cache)   │  │  (Backups)  │         │
│   └─────────────┘  └─────────────┘  └─────────────┘         │
└─────────────────────────────────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                         AGENT LAYER                         │
│   ┌─────────┐  ┌─────────┐  ┌─────────┐  ┌─────────┐        │
│   │ Agent 1 │  │ Agent 2 │  │ Agent 3 │  │ Agent N │        │
│   │ Host A  │  │ Host B  │  │ Host C  │  │ Host N  │        │
│   └─────────┘  └─────────┘  └─────────┘  └─────────┘        │
└─────────────────────────────────────────────────────────────┘
```

## Communication Patterns
### Agent to Server

- Protocol: gRPC over mTLS
- Heartbeat: Every 30 seconds
- Data: Key inventory, status updates
### Server to Agent

- Protocol: gRPC over mTLS
- Commands: Rotation tasks, discovery triggers
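As an added illustration of the agent-to-server exchange above (example code, not SSH-KLM's own), the following models what a 30-second key-inventory heartbeat carries and how a server can check it: the claimed host must match the identity proven by the agent's mTLS client certificate, key fingerprints that appear or vanish between beats are reported, and agents that go quiet are flagged. The message shape, the CN-to-hostname binding, the three-missed-beats threshold and all function names are assumptions for this example; the key blobs used in the test are constructed dummies, not real keys.

```python
import base64
import hashlib
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 30          # seconds, as stated on the page
MISSED_BEATS_BEFORE_STALE = 3    # assumed alerting threshold, not from the page
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def key_fingerprint(authorized_keys_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one authorized_keys entry.

    Leading options (without embedded spaces) are skipped by locating the key-type token.
    """
    fields = authorized_keys_line.split()
    idx = next(i for i, f in enumerate(fields) if f.startswith(KEY_TYPE_PREFIXES))
    blob = base64.b64decode(fields[idx + 1])
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return f"SHA256:{digest}"


def build_heartbeat(host: str, authorized_keys: list, now: float) -> dict:
    """Agent side: the periodic inventory/status message (shape is an assumption)."""
    return {"host": host, "ts": now, "status": "ok",
            "keys": sorted(key_fingerprint(line) for line in authorized_keys)}


@dataclass
class HeartbeatTracker:
    """Server side: bind each message to its mTLS peer and watch for drift and silence."""
    last_seen: dict = field(default_factory=dict)
    inventory: dict = field(default_factory=dict)

    def record(self, msg: dict, peer_cn: str, now: float) -> dict:
        # The host an agent claims must equal the identity its client certificate proved
        if msg["host"] != peer_cn:
            raise PermissionError(f"agent cert {peer_cn!r} claims host {msg['host']!r}")
        old, new = set(self.inventory.get(peer_cn, [])), set(msg["keys"])
        self.last_seen[peer_cn] = now
        self.inventory[peer_cn] = msg["keys"]
        # Keys appearing or disappearing between beats are what a reviewer wants surfaced
        return {"added": sorted(new - old), "removed": sorted(old - new)}

    def stale_hosts(self, now: float) -> list:
        """Hosts whose agent has missed the assumed number of consecutive heartbeats."""
        limit = HEARTBEAT_INTERVAL * MISSED_BEATS_BEFORE_STALE
        return sorted(h for h, t in self.last_seen.items() if now - t > limit)
```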
## Deployment Models

| Model | Use Case | Components |
|---|---|---|
| Single Node | Development, POC | All-in-one container |
| Standard | Small-medium deployments | Separate API, workers, DB |
| Enterprise | Large scale, HA | Clustered everything |