Skip to content

Roadmap


SaaS Platform

Feature Status

Certificate Discovery

Feature Status
CT log scanning — alert on unexpected issuance TBD

External CA Integration

Feature Status
Sectigo TBD
GlobalSign TBD

Bridges

Feature Status
Bridge — self-updating binary TBD
Bridge — relay for Courier connections TBD

Couriers

Feature Status
Courier — Windows binary TBD
Courier — connect via Bridge Mostly Done
Courier auth — SPIFFE/SPIRE (JWT and X.509) TBD

Secrets Management

Feature Status
Bridge secrets caching Complete
Workload secrets access Complete
Service Account API for secrets Complete

Target Systems

Feature Status
Microsoft IIS — Windows Remote Management TBD
Microsoft Windows — Windows Remote Management TBD

Virtual HSM (vHSM)

The vHSM is implemented as a dedicated Rust binary module within the back control plane, providing fine-grained control over cryptographic memory operations.

Feature Status
vHSM — Rust binary module for back control plane TBD
vHSM — key pair generation (RSA, EC) TBD
vHSM — key storage TBD
vHSM — digital signature operations TBD
vHSM — key zeroization (explicit memory clearing) TBD
vHSM — approved random bit generation (DRBG) TBD
vHSM — symmetric key operations (AES) TBD
vHSM — power-up self-tests (known answer tests) TBD
vHSM — conditional self-tests (runtime health checks) TBD
vHSM — software integrity verification at startup TBD
vHSM — FIPS 140-3 Level 1 compliance TBD
Third-party HSM integration — Microsoft Azure TBD
Third-party HSM integration — Amazon Web Services TBD
Third-party HSM integration — physical HSM TBD