Now signing on 300+ Cloudflare edge nodes

One API Call.
Ephemeral Credentials.
Zero Infrastructure.

NKS signs ephemeral SSH certificates on Cloudflare's edge. One API call returns a signed cert with a 15-minute TTL. No static keys. No SDKs. No infrastructure to manage.

Start Free View Docs

terminal

$ curl -X POST https://api.nks.dev/v1/credentials/ssh-cert \
-H "X-API-Key: $NKS_KEY" \
-d '{"publicKey":"AAAA...","host":"production"}'

# Response (600ms)
{
"certificate": "ssh-ed25519-cert-v01@openssh.com AAAA...",
"expiresAt": "2026-05-27T17:15:00Z",
"serial": "nks_c_9f8a2b..."
} |

$0.000001

per certificate

600ms

signing latency

15min

TTL auto-expire

300+

edge locations

How It Works

Three steps. Zero complexity.

From API call to SSH connection in under a second. No key rotation, no vault management, no agent SDKs.

01

Request

Your AI agent sends its public key and the target host to the NKS API. One POST request. No SDK required.


                POST
                 /v1/credentials/ssh-cert
                

                {
                

                "publicKey": "ssh-ed25519 AAAA..."
                

                "host": "production"
                

                }

02

Sign

NKS signs an Ed25519 certificate on the nearest Cloudflare edge node. 600ms median latency. Globally distributed.


                // Signed on edge (Frankfurt)
                

                Algorithm: Ed25519
                

                Latency:   612ms
                

                PoP:       FRA
                

                Serial:   nks_c_9f8a...

03

Connect & Expire

The agent SSHes using the signed certificate. After 15 minutes the cert expires automatically. Nothing to revoke.


                $
                 ssh -i cert.pub prod@10.0.1.5
                

                Connected.
                


                # 15 min later...
                

                Certificate expired.
                

                # No revocation needed.

Why NKS

Built for the agent era

Static keys are a liability. NKS replaces them with ephemeral, auditable, zero-infrastructure credentials.

Zero Static Keys

No private keys on disk. No key rotation schedules. Every credential is born with a death sentence. Certificates auto-expire after 15 minutes.

Edge-Native

Runs on Cloudflare Workers across 300+ locations. Certificates are signed at the nearest PoP. Sub-second latency from anywhere on earth.

One API Call

No SDKs. No client libraries. No agents to install. A single HTTP POST returns a signed certificate. Works with curl, Python, Go, or any language.

Full Audit Trail

Every certificate issuance is logged with serial number, requesting agent, target host, timestamp, and edge location. SOC 2 and compliance ready.

Agent-Native

Designed for AI agents, CI/CD pipelines, and automated workloads. No human-in-the-loop. Agents request credentials when they need them, not before.

98% Cheaper

At $0.000001 per certificate, NKS costs a fraction of traditional secret management. No servers to run. No licenses to renew. Pay only for what you sign.

Compare

How NKS stacks up

Purpose-built for ephemeral credentials. Not a general-purpose vault with SSH bolted on.

	NKS	Teleport	HashiCorp Vault	Smallstep
Setup Time	5 minutes	Hours to days	Days to weeks	Hours
Infrastructure	None (edge)	Auth proxy + nodes	Server cluster	CA server
Signing Latency	600ms (edge)	1-3s	2-5s	500ms-2s
Agent SDK Required	No	Yes (tsh/tbot)	Yes (vault agent)	Yes (step CLI)
Cost (10K certs/mo)	$0.01	$500+/mo	$1,200+/mo	$300+/mo
Global Edge
Audit Trail
AI Agent Optimized

Pricing

Simple, transparent pricing

Start free. Scale to millions of certificates. No hidden fees. No per-seat charges.

Free

For experimentation

$0 /month

1,000 certificates/month
1 API key
15-min TTL
Community support

Get Started

Starter

For small teams

$19 /month

50,000 certificates/month
5 API keys
Configurable TTL (5-60 min)
Audit log export
Email support

Start Trial

Popular

Pro

For production workloads

$49 /month

500,000 certificates/month
25 API keys
Custom TTL (1-120 min)
Webhook notifications
Host allowlisting
Priority support

Start Trial

Enterprise

For security-critical orgs

$199 /month

Unlimited certificates
Unlimited API keys
Custom CA integration
SAML/SSO
SOC 2 compliance report
Dedicated support + SLA
IP allowlisting

Contact Sales

At 100K certs/month, NKS costs $0.10 vs Vault's $1,200+. That's 98% cheaper.

Stop managing keys.
Start shipping agents.

Get your first certificate in 5 minutes. Free tier includes 1,000 certificates per month. No credit card required.

Start Free Read the Docs

One API Call. Ephemeral Credentials. Zero Infrastructure.