← Docs

Break-glass

Break-glass is a logged emergency path: when something is on fire and there is no time to wait for approval, an authorized user can self-grant short, heavily-audited access.

Using it

  1. On any access blocked by an approval gate — a database query, a server terminal, an internal app or a cluster — click Break-glass (shown if you have the permission).
  2. Enter a justification — this is required and recorded.
  3. Access is granted immediately for a short window (default 15 minutes, non-renewable). Retry your action — re-run the query, reconnect the terminal, or reopen the app.

What gets logged

  • A critical system log entry is written.
  • All owners/admins are notified instantly.
  • The grant appears under Access requests → Active grants with a "break-glass" badge, where an admin can Revoke it.

Permissions

access.breakglass

Granted to admins by default; assign it to a custom role for on-call engineers who need it. See Access requests for the normal approval flow.