Encrypted Access Control

Siglatch

Siglatch is a signal-triggered control daemon for remote infrastructure. It opens narrow, authenticated access paths over UDP so operators can do real work without leaving a broad remote-admin surface standing.

Encrypted UDP | Temporary access | Replay resistant | Low footprint

Overview

Siglatch is a lightweight, configurable encrypted UDP control bus for remote infrastructure. It is built for temporary access, scoped actions, and narrow blast radius, not for leaving broad admin channels open all the time.

In practice, that means teams can gate access, trigger controlled actions, and keep the operational surface explicit instead of letting ad hoc access paths spread everywhere.

What It Solves

  • Secure access control for dynamic IPs and short-lived sessions.
  • Remote job execution and triggering without forcing a web stack or SSH glue into the middle.
  • Secure telemetry and log pushes with less standing exposure than traditional gateways.
  • Inter-server signaling and command dispatch with direct daemon-level delivery.
  • A control building block for infrastructure that needs explicit policy boundaries.

Siglatch is meant to give small and medium teams the control plane they actually need, instead of the heavier platform they would otherwise have to carry just to unlock a machine, run a task, or revoke access again.

Use Cases

  • Grant or revoke SSH reachability for a specific IP when work starts.
  • Toggle admin panels or internal UIs on and off for maintenance windows.
  • Dispatch daemon actions such as reload, rotate, notify, or reboot.
  • Forward logs or job triggers through a lightweight encrypted packet path.
  • Route custom action handlers into shell scripts, static objects, or dynamic objects.

Security Model

The security model is layered rather than implied. The daemon treats packet validation, replay resistance, and action scoping as first-class concerns.

  • Strict packet size limits and a non-blocking listener drop malformed traffic early.
  • Authenticated packets are validated before any action runs.
  • HMAC-SHA256 and RSA-2048 provide the core integrity and confidentiality layers.
  • Timestamps and nonce caching reduce replay risk.
  • Payloads handed to scripts are base64-encoded so binary injection is avoided.
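
The checks listed above, in the order a listener could apply them, as an added example that is not Siglatch's own code or wire format. The packet layout, the 512-byte cap, and the 30-second window are assumptions made for illustration, and the RSA confidentiality layer is left out.

```python
import hashlib
import hmac
import struct

MAX_PACKET = 512      # assumed size cap; the page states no figure
MAX_SKEW = 30         # assumed freshness window in seconds
HEADER = struct.Struct("!Q16s")   # constructed layout: timestamp, nonce
TAG_LEN = hashlib.sha256().digest_size


def build_packet(key, payload, ts, nonce):
    """Sender side: header || payload || HMAC-SHA256(header || payload)."""
    body = HEADER.pack(ts, nonce) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Validator:
    def __init__(self, key):
        self.key = key
        self.seen = {}    # nonce -> timestamp of the packet that carried it

    def check(self, packet, now):
        """Return (verdict, payload); payload is None unless accepted."""
        # 1. Cheap structural check before any cryptography.
        if not HEADER.size + TAG_LEN <= len(packet) <= MAX_PACKET:
            return "bad-size", None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # 2. Authenticate; compare_digest avoids a timing side channel.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None
        ts, nonce = HEADER.unpack_from(body)
        # 3. Freshness: reject anything outside the skew window.
        if abs(now - ts) > MAX_SKEW:
            return "stale", None
        # 4. Replay: drop nonces whose packets are now stale anyway,
        #    then refuse any nonce still in the cache.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "replay", None
        # Recorded only after the MAC passed, so unauthenticated
        # traffic cannot fill the cache.
        self.seen[nonce] = ts
        return "ok", body[HEADER.size:]
```

Keying cache expiry to the packet's own timestamp keeps each nonce for exactly as long as a copy of that packet could still pass the freshness check.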

What It Is Not

  • Not a VPN replacement for all traffic and all users.
  • Not a broad persistent remote administration platform.
  • Not meant to replace mature tools where broad control is explicitly required.
  • Not a generic pub/sub bus with no policy boundary.

If you need always-open control for everything, Siglatch is the wrong shape. If you need narrow, temporary, policy-driven access, it is built for that job.

Docs and Support

Implementation support is available for teams that need a controlled rollout, custom action wiring, or integration help.
