Integration · Secrets manager

Your secrets vault, watched.

Suriq watches your OpenBao cluster the way you would if you had the time - is it sealed, who is the leader, are tokens and leases piling up, which certificates are about to expire - and gives you the controls to act, in the same console as the rest of your security.

The OpenBao integration in the Suriq console: seal status, cluster health, version and node, a three-member raft topology with leader and voter badges, and step down, snapshot and seal controls.

A secrets manager you can actually keep an eye on.

OpenBao holds your most sensitive secrets, so a sealed node or a blocked audit log is not something you want to find out about late. Suriq reads the cluster live, watches the things that bite, and turns them into a status you can read at a glance.

What it shows you
  • Whether each node is sealed or unsealed, watched without a pause - so a node that seals raises an alert, not a surprise
  • The whole raft cluster on one screen: every node, which one is the leader, who is a voter, who is on standby, and the version each is running
  • Whether the cluster still has an active node serving secrets at all - the alert you most want and least want to miss
  • Audit logging that has stopped or had a device removed, flagged the moment it happens
  • Certificates heading for expiry, so a PKI issuer does not lapse on a quiet weekend
  • Tokens and leases piling up before they become a memory problem
  • A node running a different version than the rest of the cluster
  • Quiet edits to the OpenBao config on disk, caught and recorded

What it lets you do
  • Unseal a node through a guided ceremony - one key share at a time, never stored
  • Take a raft snapshot of the cluster on the active node, in one click
  • Hand off leadership by stepping the active node down, when you need to drain it
  • Seal a node fast when something is wrong - the panic button, right there
  • Tidy stale tokens, leases and certificates, or rotate a CRL, without SSH-ing in
  • Every action is one you trigger, runs with its work shown, and is logged - so you can prove what changed and when

It starts with zero credentials. OpenBao's health, seal-status and leader endpoints are open by design, so a Guardian on the host can read seal state, cluster identity, leadership and version with no token at all. When you are ready for the deeper view - leases, tokens, PKI, audit devices, raft config - a short opt-in wizard provisions two read and action tokens with least-privilege policies. The bootstrap is one-shot and never stored.
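
One way to turn those token-free responses into node and cluster status, as an added example (not Suriq's or OpenBao's own code). It takes the parsed JSON bodies of `GET /v1/sys/seal-status` and `GET /v1/sys/leader`; the function names, host names, versions and sample responses are constructed for illustration.

```python
# Added example: classify OpenBao nodes using only unauthenticated endpoint bodies.
# Inputs are parsed JSON from GET /v1/sys/seal-status and GET /v1/sys/leader.
from collections import Counter

def node_state(seal, leader):
    """Return one of: uninitialized, sealed, active, standby, no-leader."""
    if not seal.get("initialized", False):
        return "uninitialized"
    if seal.get("sealed", True):          # a missing field is treated as sealed
        return "sealed"
    if leader.get("is_self"):
        return "active"
    if leader.get("ha_enabled") and leader.get("leader_address"):
        return "standby"
    return "no-leader"                    # unsealed, but knows of no leader

def cluster_alerts(nodes):
    """nodes: {name: (seal_status, leader)}. Returns a sorted list of alerts."""
    states = {name: node_state(s, l) for name, (s, l) in nodes.items()}
    alerts = [f"{name}: {st}" for name, st in states.items()
              if st in ("sealed", "uninitialized", "no-leader")]
    if "active" not in states.values():
        alerts.append("cluster: no active node")
    # Version drift: compare each node with the most common reported version.
    versions = Counter(s["version"] for s, _ in nodes.values() if s.get("version"))
    if len(versions) > 1:
        majority = versions.most_common(1)[0][0]
        alerts += [f"{name}: version {s['version']} differs from {majority}"
                   for name, (s, _) in nodes.items()
                   if s.get("version") and s["version"] != majority]
    return sorted(alerts)

# Constructed sample responses (hosts and versions are made up for this example).
SAMPLE = {
    "bao-1": ({"initialized": True, "sealed": False, "version": "2.1.0"},
              {"ha_enabled": True, "is_self": True,
               "leader_address": "https://bao-1.example:8200"}),
    "bao-2": ({"initialized": True, "sealed": False, "version": "2.1.0"},
              {"ha_enabled": True, "is_self": False,
               "leader_address": "https://bao-1.example:8200"}),
    # No leader data was collected for the sealed node in this sample.
    "bao-3": ({"initialized": True, "sealed": True, "version": "2.0.3"}, {}),
}

if __name__ == "__main__":
    for alert in cluster_alerts(SAMPLE):
        print(alert)
```
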

Know your vault is healthy before it bites.

Deploy a Guardian on the host and OpenBao shows up in the console - sealed or unsealed, clustered, watched, and ready to act on.