KeyChest supports free web encryption


A new version of KeyChest for 2019 with Free personal end-to-end monitoring of up to 500 servers. Most preparations went up in smoke but we made it.

How often do you hear of a cloud service, which doesn’t really care how much you use it – what about key / certificate related services. No limit on domain names, automatic discovery of new keys … I bet it’s not that often.

The new version of KeyChest has been in making for most of 2018. Some substantial changes were made behind the scenes as well as a number of new features, which include real-time notifications, user management, or support of internal certificates.

Security reports in the new KeyChest

January changed gear. The new version was launched in the first week and it took about a week to get everything in order, despite a couple of dry runs of the upgrade, which included over 100 database schema upgrades, and more than 50% of new code.

Slack notifications are highly configurable.

Everything has been blurred since. We discussed plans and pricing with a number of people and learnt loads from how DropBox approached the pricing problem. We went back to thoroughly analyse a user survey from October/November last year – a big thank you to everyone who responded to it!

At the end, we decided to park our initial volume pricing and introduce three simple business plans. Simple, as we don’t care how many of your HTTPS servers you need to manage so long as it is within our fair usage policy, which allows you to include up to 3,000 servers.

These plans are accompanied with Free KeyChest service for personal use. When I say personal, I mean up to 500 servers(!) with auto-discovery of new keys and weekly email reports.

BUSINESS plans for commercial use of KeyChest

We have also put together high-level specs for dedicated KeyChest instances for enterprise customers. The pricing of those is not finalized yet but it will start at no more than $5,000 / year for early users.

We have also extended the API – which is available in the FREE personal plan to simplify integrations with Let’s Encrypt agents. We now have Linux bash demonstration script, which doesn’t require any networking libraries. It runs simply with what bash and similar Linux shells offer. See more at

exec 3<> "$TCP_DEV"
echo -ne "<API command>" >&3
RESPONSE=$(dd bs=1000 count=1 <&3 2>/dev/null)

We have a few immediate tasks on the road map but I’m most excited about the first version of the generation of new internal certificates. These will be software generated, but if you think it would be expensive to have a high-security root CA with KeyChest, think twice.

Raspberry Pi hosted root CA with 2 of 5 authorization and FIPS140-2 Level 3 security.

This is a quick overview of what we’ve been up to in the last 6 weeks or so and I hope to return to some of the topics in more detail in coming posts. Just now, we need to keep our head down for a little longer and follow through an initial implementation of our dreams. 🙂

I love change, I love the excitement!

Leave a Reply

Your email address will not be published. Required fields are marked *