KeyDrift

KeyDrift is a web and desktop app that continuously audits how your organization generates, stores, rotates, and uses cryptographic keys and certificates across cloud accounts, Kubernetes clusters, CI/CD, and common secret stores. It detects “crypto drift”: expired certs, weak algorithms, reused keys, missing rotation, noncompliant TLS configs, and shadow PKI created by teams. Instead of raising generic alerts, it maps each finding to a concrete blast radius (services affected, owners, and downtime risk) and provides step-by-step remediation playbooks (e.g., rotate this KMS key, reissue these certs, update this ingress TLS policy). It integrates with AWS KMS/ACM, Azure Key Vault, Google Cloud KMS, HashiCorp Vault, and popular CAs to build a single inventory and enforce policy. KeyDrift is a traditional app with AI-assisted triage and remediation guidance; it does not make “autonomous” changes by default.
