Lumen Logistics
standing SSH keys in production after the v2 rollout
Retired a sprawling SSH key inventory in favor of short-lived certificates issued by Wardengate at connect time. Operators kept their existing tooling; the security team gained an identity-backed audit trail for every session against warehouse, routing, and cross-border customs systems.
The challenge
Warehouse automation, routing engines, and customs integration servers were reachable via a decade-old SSH key inventory. Keys were shared, rarely rotated, and impossible to attribute when something went wrong across 18 countries.
The approach
- Issued short-lived SSH certificates at connect time via the gateway broker.
- Left operator workflows unchanged — same ssh client, same hostnames.
- Phased rollout by region, starting with the highest-traffic EU hub.
- Automated key retirement checks before decommissioning legacy jump hosts.
Results
- 4,200 legacy SSH keys revoked with no operator workflow change.
- Every production session attributed to a named identity in the audit ledger.
- Cross-border customs system access reviewable by region and time window.
“The migration went so quietly that the ops team did not realize it was done. That was the goal.”
More case studies
Financial services
A Fortune 500 financial services firm
92% reduction in standing privilege across production
Healthcare
NorthBay Health
14 weeks from kickoff to first external audit with wardengate evidence
Industrial manufacturing
Axon Manufacturing
63% faster vendor access reviews for ot and control systems