All posts
September 9, 20251 min read

They gave me root access, and I knew that was a mistake

Every engineer knows the dread of granting permanent VPN credentials. Static keys become forgotten vulnerabilities. Old users keep inherited access. Secrets leak. Attack surfaces widen. The idea of secure access erodes the longer credentials live. Just-In-Time Access Approval changes this completely. Instead of always-on VPN tunnels, it delivers least-privilege access only when needed, and only for as long as approved. That means an engineer can request access to a production database, get it a

Free White Paper

Read-Only Root Filesystem: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

Every engineer knows the dread of granting permanent VPN credentials. Static keys become forgotten vulnerabilities. Old users keep inherited access. Secrets leak. Attack surfaces widen. The idea of secure access erodes the longer credentials live.

Just-In-Time Access Approval changes this completely. Instead of always-on VPN tunnels, it delivers least-privilege access only when needed, and only for as long as approved. That means an engineer can request access to a production database, get it approved instantly, and lose it automatically after the task is complete. No standing credentials. No leftover permissions.

The best VPN alternative today isn’t a VPN at all. Just-In-Time Access removes fragile trust models and hard-coded whitelists. It plugs into your existing identity provider. It works with your cloud and on-prem systems. Approval flows can be automated or manual, with a permanent audit trail. Compliance teams get the logs they need. Security teams get the control they want.

VPNs were built for a different era—when networks were physical, static, and hard to reach. Now companies run workloads across multi-cloud, hybrid environments, and remote teams. Static tunnels introduce unnecessary risk. Just-In-Time Access flips the default: zero access until it’s required, verified, and time-bound.

Continue reading? Get the full guide.

Read-Only Root Filesystem: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

A strong Just-In-Time system works by:

  • Integrating with SSO for identity-based rules.
  • Enforcing time limits on every access grant.
  • Recording every request, approval, and action.
  • Supporting multi-factor authentication per request.

The result is a model that scales without breaking security. Whether you’re securing SSH to critical servers, database query sessions, or management consoles, an on-demand approval flow ensures nothing persists beyond the task. Attackers can’t move laterally without an active session. Internal misuse gets harder because there is no always-open door.

This is not about adding yet another layer of complexity. It’s about removing the outdated assumptions behind VPN use and replacing them with an explicit, temporary, accountable method of access. It means locking down every service until it’s intentionally unlocked for a narrow, time-boxed purpose.

You can see the power of Just-In-Time Access Approval without months of integration work. Try it at hoop.dev and watch it go live in minutes. No standing VPN. No permanent keys. Just controlled, auditable, immediate access—exactly when it’s needed, and never longer.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts