In Part 1, we covered how Alpacon reimagines network access through Websh.
This is Part 2: Identity & Access Management, Integrations & Interoperability, and Auditing.
Identity & Access Management
When a new developer joins, have you ever issued an SSH ID and password, then sent the server IP and port via Slack? Or asked them to send you their SSH public key to manually register on the server?
Did that feel secure and scalable?
Identity is a prime target for attacks. Passwords are no longer valid security credentials. Identities provisioned on servers easily become outdated without proper tracking, leaving openings for attackers or giving disgruntled former employees access to critical assets.
Centralized Management
Alpacon centrally manages all identities used to access servers.
- New employee → Invite to Alpacon
- Employee leaves → Remove from Alpacon
When users first connect, their ID and permissions are automatically provisioned. As changes occur, Alpacon tracks them continuously. System accounts are created without passwords. Logging in through other means isn't possible.
Enforced MFA
Workspace admins can require enhanced MFA when users connect in privileged mode (typically root access). Supported methods:
- Biometric, hardware security keys, OTP, email, SMS
Enterprise Integration
- Google Workspace integration
- SAML support coming soon
- Security-designed and white-hat verified
- Redundant architecture prevents single points of failure
Integrations & Interoperability
Have you needed to give SSH access to CI/CD pipelines? Did you open your firewall to allow GitHub Actions or GitLab CI/CD with dynamic IPs? Were you worried about deployment SSH keys being misused?
Alpacon CLI and REST API
Execute workloads and transfer files with a single command. The CLI uses SSH-like syntax for familiarity.
alpacon login https://alpacon.io/my-workspace -t "alpat-..."
alpacon cp docker-compose.yml prod-docker:/opt/my-app/
alpacon cp .env prod-docker:/opt/my-app/
alpacon websh prod-docker docker compose -p my-app --env-file .env up -d
Fine-Grained Control
Tokens protected by fine-grained rules can only execute permitted commands. Block unauthorized parties from abusing CI to execute arbitrary commands.
curl -X POST https://my-workspace.us1.alpacon.io/api/events/commands/ \
-H "Content-Type: application/json" \
-H "Authorization: Token alpat-..." \
-d '{"server": "7a50ea6c-2138-4d3f-9633-e50694c847c4", "line": "docker ps", "username": "docker"}'
Integrate safely with CI/CD under strong control.
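A client-side pre-check that a CI job could run before calling the endpoint above, as an added example that is not Alpacon's code and not its server-side rule engine. The endpoint and the `server`, `line` and `username` fields come from the curl call; the allowlist, the `ALPACON_TOKEN` variable name and the placeholder server ID are assumptions.

```python
import json
import os
import shlex
import urllib.request

# Endpoint and JSON fields (server, line, username) are taken from the curl call above.
API_URL = "https://my-workspace.us1.alpacon.io/api/events/commands/"
# Hypothetical allowlist: leading tokens this CI job is expected to run.
ALLOWED_PREFIXES = [("docker", "ps"), ("docker", "compose")]
SHELL_META = set(";&|`$<>(){}\n\\")


def is_permitted(line: str) -> bool:
    """True only if `line` is a single command whose leading tokens are allowlisted."""
    if any(ch in SHELL_META for ch in line):
        return False  # rejects chaining, substitution and redirection
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes
        return False
    return any(tuple(argv[:len(p)]) == p for p in ALLOWED_PREFIXES)


def build_request(server: str, line: str, username: str, token: str) -> urllib.request.Request:
    """Build (but do not send) the POST request; raise if the line is not allowlisted."""
    if not is_permitted(line):
        raise PermissionError(f"command not permitted for this job: {line!r}")
    body = json.dumps({"server": server, "line": line, "username": username}).encode()
    return urllib.request.Request(
        API_URL,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Token {token}"},
    )


if __name__ == "__main__":
    # The token comes from the CI secret store via the environment, never from the repo.
    token = os.environ.get("ALPACON_TOKEN", "alpat-PLACEHOLDER")  # variable name is an assumption
    server_id = "00000000-0000-0000-0000-000000000000"  # constructed placeholder ID
    for candidate in ["docker ps", "docker ps; id", "dockerps", "docker 'ps"]:
        print(f"{candidate!r}: {'allowed' if is_permitted(candidate) else 'blocked'}")
    req = build_request(server_id, "docker ps", "docker", token)
    print(req.get_method(), req.full_url, req.data.decode())
```

The comparison is made on parsed tokens rather than on a string prefix, so `dockerps` and `docker ps; id` are both rejected. The token's server-side rules remain the enforcement point; this check only stops a misconfigured job early.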
Auditing
Do you track who executed what commands on your servers and when? Many companies don't know who caused an issue even when incidents occur. Access to critical assets should be monitored, but few companies actually do it.
Full Visibility
As an access gateway, Alpacon logs all user connections:
- Real-time monitoring of terminal access
- Block suspicious activity immediately
- Post-incident command audit
- Complete command history with timestamps and attribution
You know who accessed which server, when they connected, what commands were executed, where the access came from, and how they authenticated.
No more blind spots. No more guessing. Just complete accountability.
Concluding Thoughts
Why have we assumed that stronger security must mean harder access?
Alpacon proves you don't have to choose. Security and accessibility aren't opposites—they're two sides of the same modern infrastructure.
What's Next?
We built Alpacon because we were tired of the same old problems: dropped SSH sessions, manual key management, and zero visibility into who's doing what.
If you've felt the same frustration, we'd love to have you try it.
Get Started:
- 🚀 Join the Beta and see how Alpacon works in your environment
- 💬 Join Discord to share your experience and help shape what we build next
We're building this in the open. Your feedback matters.