Platform Features

Every feature your team needs to manage API keys safely

colunrn is your single control plane for the entire API key lifecycle — from creation and fine-grained scoping, through scheduled rotation and instant revocation, to tamper-proof audit logs. One dashboard, zero blind spots, complete confidence for every engineer on your team.

Start for free
No credit card required
Key CreationScoping & PermissionsAuto RotationInstant RevocationAudit Logs
Deep-Dive Capabilities

Every control you need,
none you don't.

colunrn is built for teams who treat API key hygiene as a first-class engineering concern. These eight capabilities work together to give you full, auditable command of your credential surface.

01

Scoped Key Generation

Create API keys with precisely defined permission sets, restricting access to only the endpoints and resources each consumer needs. Reduce blast radius by ensuring no key ever carries more privilege than its intended function. Scoped keys integrate directly with your existing service definitions without any code changes.

View docs
02

Automatic Rotation Scheduler

Define rotation intervals — hourly, daily, weekly, or custom cron expressions — and colunrn handles key lifecycle transitions with zero downtime. The scheduler issues a new key, validates it, and gracefully retires the old one within a configurable overlap window. Rotation history is fully auditable and exportable.

View docs
03

Granular RBAC

Assign roles at the team, project, or environment level with fine-grained permissions that map to real operational responsibilities. Admins, developers, auditors, and read-only observers each get exactly the access their workflow demands. Permission changes propagate instantly across all connected services without restarts.

View docs
04

Real-Time Audit Log

Every key creation, access attempt, rotation, and revocation is captured in an immutable, tamper-evident log streamed in real time to your dashboard. Filter by user, key, environment, or time range to reconstruct any incident with full context. Export logs as structured JSON or CSV for SIEM and compliance toolchains.

View docs
05

Webhook Lifecycle Events

Subscribe to structured webhook payloads for every key lifecycle event — created, rotated, expiring, expired, or revoked — and react instantly in your own systems. Payloads are signed with HMAC-SHA256 so your endpoint can verify authenticity before acting. Retry logic, delivery logs, and dead-letter queues are included out of the box.

View docs
06

Multi-Environment Namespacing

Organise keys into isolated namespaces for development, staging, canary, and production so there's no risk of cross-environment credential leakage. Namespace-level policies enforce different rotation schedules, expiry rules, and access controls appropriate for each stage. Cloning a namespace configuration to a new environment takes a single API call.

View docs
07

SSO & Directory Sync

Connect colunrn to your identity provider via SAML 2.0 or OIDC and enforce single sign-on across your entire engineering organisation. SCIM-based directory sync keeps user provisioning and deprovisioning automatic — a removed employee instantly loses all key access. Works with Okta, Azure AD, Google Workspace, and any standards-compliant IdP.

View docs
08

One-Click Revocation

Instantly invalidate any key — or an entire namespace — from the dashboard, CLI, or API with a single action that propagates globally in under 200ms. Revocation is irreversible and logged, ensuring no replay or reuse is possible after the action is confirmed. Emergency revocation mode lets on-call engineers act without navigating permission prompts.

View docs

All features are available on every plan.

No capability gating. Higher tiers unlock higher limits, not locked features.

See pricing
Integrations

Lives natively in your existing stack.

colunrn connects with the tools your team already relies on. No workflow overhaul — just seamless, secure credential sync across every layer of your infrastructure.

GitHub Actions

Inject scoped API keys directly into your CI/CD workflows. colunrn rotates secrets automatically so your pipelines always use valid, least-privilege credentials.

Vercel

Sync environment variables to your Vercel projects at deploy time. Scope keys per environment — preview, staging, or production — without ever touching the dashboard manually.

AWS Secrets Manager

Mirror your colunrn vault to AWS Secrets Manager in real time. Lambda functions and ECS tasks pull fresh credentials on every invocation — zero stale secrets.

Datadog

Stream key lifecycle events — creation, rotation, revocation — into Datadog as custom metrics and logs. Build dashboards and alerts around your credential health instantly.

Slack

Receive real-time alerts in your team's Slack channels when keys are rotated, flagged for unusual usage, or approaching their expiration window. Stay informed without leaving Slack.

PagerDuty

Escalate critical credential incidents — unexpected revocations, failed rotations, or policy violations — directly to your on-call engineer via PagerDuty. Mean time to resolution, minimised.

Don't see your tool?

colunrn ships a REST API and webhooks — connect anything in minutes, with or without a native integration.

View all integrations
OAuth 2.0 & API token auth for every integration
End-to-end encrypted sync over TLS 1.3
Full audit trail for every sync event
colunrn

API keys, fully under control. Manage, rotate, audit, and secure every key across your infrastructure from one unified platform.

[email protected]+1 415 000 0000548 Market St, San Francisco, CA 94104

Stay in the loop

Get product updates, security advisories, and developer tips delivered to your inbox. No spam, unsubscribe anytime.

By subscribing you agree to our Privacy Policy.

© 2026 colunrn Inc. All rights reserved.

SOC 2 Type IIGDPR Ready99.9{2ebf1f57190024323518be5b2d4bf8fde7bbf270a678249482126c4b900327f3} Uptime