Apache 2.0 open source

Zero persistent admin access. Just in time.

JIT privileged access for AWS, Azure, GCP, and Kubernetes. Built for SREs — and the AI agents that work alongside them.

Short-lived configurable TTL
4 cloud providers
0 persistent elevation

ARCHITECTURE

Control plane you deploy, providers you trust

A self-hosted control plane routes every elevation request through a three-tier approval model — from millisecond auto-approval to AI-assisted review to human sign-off. Everything expires automatically.

REQUESTORS
CLI (jitsudo)
MCP server
Slack bot
OIDC / gRPC

CONTROL PLANE
jitsudod
OPA
PostgreSQL
provider plugin

PROVIDERS
AWS IAM
Azure AD
GCP IAM
Kubernetes RBAC

APPROVAL TIERS
Tier 1: OPA auto-approve, Milestone 4
Tier 2: AI review (MCP), Milestone 4
Tier 3: Human approval, available now

WHY JITSUDO

Built for the agentic era

AI agent native

MCP server interface for agents as requestors today. Milestone 4: AI agents as approvers — evaluate, decide, or escalate with full audit trail.

Zero persistent elevation

All access grants expire automatically. No standing admin roles, ever.

Policy as code

OPA-backed policies live in git. Who, what, when — fully auditable and version-controlled.

Multi-cloud

AWS, Azure, GCP, and Kubernetes via a unified provider plugin interface.

Audit-first

Every request, approval, and expiry written to a unified, tamper-evident audit log.

Self-hosted

Deploy with Docker Compose or Helm. No cloud dependency, no SaaS vendor lock-in.

Ready to drop persistent admin access?

Open source. Self-hosted. Apache 2.0 CLI.