Features

Built for running automation in the real world.

Each piece exists because operating a fleet at scale demands it — from execution to results to access control.

Secure terminal Audited, recorded SSH sessions through a hardened gateway

Open an interactive shell to any managed host through the agent acting as a jump box. Every session is fully recorded — keystrokes and output — and the agent verifies the target's SSH host key before connecting, refusing on any change.

Full session recordingEvery keystroke and all output captured, timestamped, and replayable for audit and compliance.
Host-key verificationConnections are checked against known host keys and refused on mismatch — no trust-on-first-use.
Single-use tokensEach session is authorized by a one-time, time-boxed, agent-scoped token.
Read more
ssh · web-prod-1● REC
host key verifiedsession recorded

Tamper-evident audit log A cryptographic record of every privileged action

Logins, runs, credential access, terminal sessions, and admin changes are written to an append-only, hash-chained audit log. Any alteration or deletion breaks the chain and is detected on verification.

Hash-chained integrityEach entry is linked to the previous by a SHA-256 chain; tampering is provable.
Everything privilegedRuns, credential reveals, key access, terminal sessions, agent changes — all recorded.
One-click verificationVerify the entire chain's integrity from the audit viewer at any time.
Read more
audit · hash chainverifying…

Fleet automation Run Ansible across thousands of hosts

Launch playbooks against a handful of servers or your entire estate from one screen. Scope a run by project, group, or hand-picked hosts, and watch structured results land in real time.

Scope preciselyTarget a project, a host group, or an ad-hoc selection. The run only touches what you choose.
Engine-readyAnsible today, with Terraform, OpenTofu, and SaltStack on the same launch flow.
Built for scaleStructured per-host results stay readable whether you run on 3 hosts or 3,000.
Read more
launch · site.ymlrunning
0
ok
0
changed
0
failed

Template library A vetted catalog of ready-to-run automation

Browse a curated catalog of validated playbooks and checks organized by engine and category. Safe read-only checks are available to everyone; change-making templates are gated to infrastructure admins. Deploy any template to an agent in one click.

Vetted and categorizedEvery built-in template is validated; browse by engine and category.
Check vs. change gatingRead-only checks for all; state-changing templates restricted to admins.
Custom templatesCreate your own and deploy them to agents with safe upsert semantics.
Read more
template library

Validated editors Edit playbooks with live linting and on-agent checks

Edit playbooks and templates in a real syntax editor with YAML highlighting and live validity checking. Run a true ansible-playbook syntax check on the agent before anything goes near production.

Live YAML lintingSyntax errors surface as you type, with a clear validity indicator.
Validate on agentRun a real --syntax-check on the control node, not just client-side guesses.
Role-gatedEditing is restricted to infrastructure admins and above.
Read more
edit · deploy.ymlvalid YAML

Cloud onboarding Discover and import resources from any cloud

Connect AWS, Azure, Google Cloud, Proxmox, VMware, Nutanix, or Virtualizor, then discover their instances through the agent and import them as managed hosts — ready for automation, checks, and terminal access.

Multi-cloudAWS, Azure, GCP, Proxmox, VMware, Nutanix, and Virtualizor from one wizard.
Agent-side discoveryCredentials stay in the vault; discovery runs through the agent, not the browser.
Import as hostsTurn a discovered instance into a managed host in a couple of clicks.
Read more
discover · multi-cloudscanning…

Access & secrets Role-based access with an encrypted credential & key vault

Built-in roles from viewer to org admin, scoped per project, plus an encrypted vault for credentials and SSH keys — scoped per tenant, project, or individual host, and revealed only to those authorized.

Least privilegeViewer, operator, infra admin, org admin — assignable per project.
Per-host secretsScope credentials to a tenant, project, or a single host; host secrets are admin-reveal only.
SSH key vaultStore and inspect SSH keys with fingerprint and passphrase detection, never exposed in plain text.
Read more
access & secrets
vieweroperatorinfra adminorg admin
••••••••••••••••

Reporting & insight Dashboards over your runs, activity, and fleet

A reporting dashboard that turns the data you already generate into insight: run activity over time, success rates, outcomes by engine, activity by type, and your most active projects — across 7, 30, or 90 days.

Run health at a glanceSuccess rate, failures, and activity trends over your chosen window.
Activity breakdownsSee what's happening by action type and which projects are busiest.
Real dataEvery figure is computed from your own tenant's runs and audit activity.
Read more
reports · last 30 days

Security audit An automated review of your own security posture

A built-in audit that reviews vSupport's own posture and the hosts it manages — credential scoping, key passphrases, host-key coverage, agent health, privileged-account concentration, and audit-chain integrity — scored with concrete remediation.

Scored findingsPass / warn / fail checks weighted by severity into a clear score and grade.
Actionable remediationEvery finding comes with a specific fix, not just a flag.
Host checksRun safe, read-only security checks against your hosts through the agent.
Read more
security audit
0

Remote agent Reach servers inside any network, no inbound ports

A lightweight agent runs on your control node and polls outbound to the portal. No inbound firewall rules, no VPN gymnastics — it executes against hosts the portal can never reach directly.

Firewall-friendlyThe agent dials out. Nothing needs to be exposed to the internet.
Sandboxed executionRuns are confined to an approved playbook directory on the agent host.
Self-updatingAgents update from a source you pin, with host allow-listing and version gating.
Read more
agent · outbound only
portal
agentcontrol node
firewall · no inbound