SeyalRun
Secure. Controlled.
Automated.

A standalone PAM and job-automation platform for your server fleet — vaulted credentials, a browser terminal, recorded sessions, and automation, with no monitoring stack required. Already run Zabbix? It integrates there too, natively.

$curl -fsSL .../install.sh | bash

Everything a PAM console needs, nothing it doesn't

Eleven capabilities, each doing one job — so an incident in one never means trusting all of them.

11 Capabilities
🖥️

Session Recording & Command Audit

🛡️

Role-Based Access Control

🗂️

Host & User Groups

🔒

Security First

📜

Automation Playbooks

🚫

Command ACLs

📚

Centralized Log Backend

🔐

Credential Vault

🧩

Zabbix Integration

📡

Monitoring API

🔌

API for Integration

terminal · recordingAUDITED

Session recording & command audit

Every SSH session recorded end-to-end and replayable — not just that someone logged in, but every command they ran.

identity-serviceRBAC

Role-based access control

Fine-grained roles decide who can view, connect to, or run jobs on which hosts — enforced on every request.

identity · inventoryGROUPS

Host groups, user groups & roles

Organize servers into host groups and people into user groups, then grant access by group, not one at a time.

platform-wideBY DESIGN

Security first

Encrypted vault, fail-fast config with no default secrets, redacted logs, clickjacking protection — the architecture, not an add-on.

automation-serviceJOBS

Automation playbooks

Run Ansible-style playbooks or raw scripts across your fleet from reusable job templates, scoped to allowed hosts.

terminal-serviceBLOCKED

Command ACLs

Block specific commands per host or group in the browser terminal — stop a risky command before it runs.

automation-serviceES / S3

Centralized log backend

Ship audit and session logs to Elasticsearch or S3 from one Admin screen — no per-service log wrangling.

inventory-serviceAES-256-GCM

Credential vault

SSH credentials encrypted at rest, scrypt-derived keys, never logged or exposed in plaintext.

zabbix-integrationOPTIONAL

Zabbix integration

Already run Zabbix? A frontend module adds a SeyalRun menu and one-click terminal icons — one login, not two.

edge-proxy1 REQ/MIN

Monitoring API

One aggregate HTTP endpoint reports health and metrics for every service — no sidecar, no Docker socket exposed.

api-gatewayPAT

API for integration

Every feature is reachable over its REST API — issue scoped Personal Access Tokens to plug into your own tooling.

One door in. Everything else stays locked.

Your browser only ever talks to one address. Every step after that — checking who you are, unlocking a server's credential — happens behind closed doors, and nothing runs without its own security token.

Running in one command

Prebuilt images, no source checkout. Generates secrets, a self-signed cert, and seeds the superadmin account.

$curl -fsSL raw.githubusercontent.com/karthick-dkk/seyalrun_zabbix/main/install.sh | bash

Read the docs

Configuration reference, architecture, security model, and the Zabbix module install walkthrough.