Feature

Agents & mTLS

Push-only architecture, client certificates with a 24-hour TTL, auto-rotation.

The Unimoni agent is a small Go binary (~12 MB) that collects host, container and service metrics and pushes them to your API over mTLS. No open inbound ports on your servers. Certificates are issued by the built-in CA with a 24-hour TTL and rotate automatically. If one host is compromised, the attack window stays minimal.

Key properties

✓Push-only over mTLS — no inbound ports on your servers
✓Certificate auto-rotation every 24 hours
✓Host metrics (CPU/RAM/disk/network), Docker, systemd services, custom via OTLP
✓Identity from the peer cert, not a header — spoofing is structurally impossible
✓One statically linked binary — drop it in /usr/local/bin and forget it

Related features

Security

2FA, passkeys, SCIM, audit log, JWT key rotation, secrets via SecretBox.

Multi-region

Multiple TSDB instances, ingest routed per-agent, queries per-request.

Try it free Documentation