Getting started

Welcome to Vigilo

Vigilo is a single platform for the three jobs that keep an SRE team from sleeping at night: catching expiring SSL certificates before they break things,…

Last updated

Overview

Vigilo is a single platform for the three jobs that keep an SRE team from sleeping at night: catching expiring SSL certificates before they break things, coordinating IT change without spreadsheets, and proving to an auditor that the controls you say you have actually fire when they're supposed to.

Most organisations buy three tools for this — a cert monitor, an ITSM, and a GRC suite — and end up wiring webhooks between them at 3am. Vigilo collapses all three into one workspace with one identity layer, one audit log, one set of approval policies, and one place where humans, certificates, hosts, vendors, and changes all live together.

Why it exists

The proximate cause of most outages is rarely the thing it looks like. A certificate doesn't just "expire" — somebody owned its renewal, but the ticket lived in a different system from the cert, the alert went to a Slack channel nobody was in, and the change to rotate it never got approved because the approver was on holiday and the approval policy didn't know about a delegate. Vigilo exists because the boundaries between those tools are where outages live. By bringing them into one platform we can make the certificate know about its change, the change know about its incident, and the audit log know about all of it.

Key concepts

  • The three pillars — Vigilo ships three product surfaces in one app: ITSM (changes, approvals, CAB, incidents, tasks, projects), Reliability & monitoring (SSL/TLS certificate scanning, host health, alert rules, SLOs, status pages), and Compliance & governance (risk register, vendor risk, frameworks, audit log). They share the same identity, RBAC, audit log, and webhook bus.
  • Workspaces — A workspace is Vigilo's tenancy boundary. Every model row carries a workspace_id and Postgres row-level security (RLS) enforces isolation in the database itself, not just the application layer. A user can belong to many workspaces with different roles in each.
  • Roles — Six roles ship out of the box: viewer, member, approver, admin, owner, and platform_admin. Roles are workspace-scoped (except platform_admin) and gate both UI surfaces and API endpoints via the WorkspaceScopedMixin.
  • Events — Almost every state change in Vigilo emits an event through the dispatch_event bus. Events drive webhooks, playbooks, the in-app notification bell, and the audit log. If something happens, there's an event for it.
  • Audit log — Every state change writes an immutable audit row. Filterable by actor, target, action, time window, and workspace. The audit log is what makes Vigilo defensible to an auditor.

Common workflows

1. Sign in for the first time

If your admin invited you, you'll land on the OIDC login screen at /login. Vigilo uses Keycloak by default but any OIDC-compliant IdP works. After authentication you're sent to your last-visited workspace (or to /workspaces/new if you have no memberships).

2. Switch between workspaces

Use the workspace switcher in the top-left of the sidebar. Vigilo remembers your last workspace in localStorage and the URL always carries the slug (/ws/<slug>/...), so deep links survive sign-out.

3. Find your way around

The sidebar groups every page into six buckets:

  • Work — changes, approvals, tasks, projects, incidents
  • Reliability — certificates, monitoring, SLOs, status pages
  • Inventory — assets, vendors
  • Governance — risks, compliance
  • Knowledge — catalog, docs, analytics, AI assistant
  • Admin — integrations, members, settings (admin/owner only)

The Help icon in the top bar opens a slide-over with the article that matches your current page. Try it now from any page.

4. Get help on a specific page

Press the ? icon in the top bar to open the contextual help panel. Vigilo maps the route you're on to a help article — if there isn't one yet, the panel offers a link to the Help Center landing page.

Permissions & gating

Most pages render for every member of the workspace. The exceptions:

  • Approvals, vendors, and compliance require the approver, admin, or owner role.
  • Members, settings, integrations, and status page require admin or owner.
  • Executive dashboard, cost attribution, and the plugin registry are platform_admin-only and live under /ws/<slug>/platform/....

See Inviting your team for the full role matrix.

Troubleshooting

  • "I don't see any workspaces after signing in." — You haven't been invited yet. Ask your admin to add you, or create your own at /workspaces/new.
  • "Pages I expect to see are missing from the sidebar." — Your role doesn't include them. Check the role badge next to your name in the sidebar; admin+ roles see everything.
  • "The app keeps redirecting me to /login." — Your OIDC session expired. Sign in again. If the loop persists, clear cookies for the Vigilo domain and your IdP.
  • "Dev mode is showing a yellow DEV badge." — You're using dev login (no real OIDC). This is fine locally; flip back by visiting /login in a production build.

Related articles