Emergency Access

It's 3am. Production is down. Now what?

Your payment API is returning 500s. Customers are churning by the minute. The engineer who set up the Stripe credentials is on vacation. The rotation policy changed the password last week. You are locked out of your own infrastructure.

Break-Glass Flow

Break the glass. Fix the problem. Access revokes itself.

Outage hits production

Engineer runs break-glass

Incident reason logged

Scoped token minted

Security team alerted

Access self-destructs

When seconds matter, paperwork doesn't

One command. The CLI mints a scoped token, alerts your security team, and starts the self-destruct timer. No approval chains. No Jira tickets. Just access.

Break-Glass Session

$ fyvault break-glass \

--env=production \

--reason="incident-2024-042: Stripe API returning 500s" \

--ttl=60

⚠ BREAK-GLASS SESSION ACTIVATED

Session: fvbg_m9k2a...

Environment: production

Reason: incident-2024-042: Stripe API returning 500s

Expires: 60 minutes

✓ #incidents-security notified via Slack

✓ PagerDuty webhook dispatched

Token: fvbg_m9k2a_sk_live_emergency...

⏱ Auto-revocation in 59:59

Safety Guardrails

Emergency access that doesn't compromise security

Self-destructing access

Every token has a hard ceiling of 4 hours. The server enforces the countdown. No renewals. No workarounds. Time's up, access is gone.

Mandatory incident context

No blank checks. Every break-glass session demands a typed reason and an incident ID before a single byte of credential data is exposed.

Real-time alerting

Slack, webhooks, and email fire the instant the glass breaks. Your security team knows who, when, and why before the engineer even reads the secret.

Immutable audit log

Who triggered it. What they accessed. When access expired. Why they needed it. Permanently recorded. Tamper-proof. Ready for your next compliance audit.

Every team has a 3am story. This is how it ends differently.

The 3am nightmare

Call the one person who knows the password — they're asleep in another timezone
Post credentials in a Slack DM and hope nobody screenshots it
No record of who accessed what during the incident
Forget to revoke emergency access three weeks later

With break-glass

One command gets you scoped, read-only access in seconds
Token auto-revokes when the clock runs out — no cleanup needed
Every action logged from the moment the glass breaks to the moment access dies
Slack and webhook alerts so security knows before you've even read the secret

SDK

Wire it into your incident playbook

PagerDuty fires. Your runbook calls the SDK. A scoped token is minted before the on-call engineer even opens their laptop.

breakGlass.ts

const session = await fv.breakGlass.create({

reason: "incident-2024-042: Stripe 500s",

environment: "production",

ttlMinutes: 60,

});

// Token self-destructs in 60 minutes

// Security team alerted before you read a single secret

Emergency access in four steps

From incident to auto-revoke. No manual cleanup. No forgotten tokens.

Incident

→↓

Break-glass command

→↓

Time-limited token

→↓

Auto-revoke ⏱

Python SDK

Automate break-glass from Python

Trigger emergency access sessions programmatically from your incident runbooks.

break_glass.py

session = fv.break_glass.create(
    reason="incident-2024-042",
    environment="production",
    ttl_minutes=60,
)

# Token self-destructs in 60 minutes
# Security team alerted instantly

When the building is on fire, you break the glass. You don't fill out a form.

Give your team a way to act in seconds, not hours. One command. Time-limited. Fully audited. The access revokes itself so you never have to remember.