Documentation

Session Management

Session Operations and Monitoring provides operational guidance for administrators who monitor active sessions, review recording data, track bastion fleet health, and detect upgrade-related drift.

Use this section to move from reactive troubleshooting to continuous runtime monitoring.

Start Here by Objective

  1. Fleet health and instance monitoring: Cluster and Instance Health
  2. Active and historical session visibility: Sessions Overview
  3. Session recording storage and retrieval: RDP Recordings and Web Access Session Recording
  4. Upgrade and compatibility monitoring: Version Drift and Upgrade Signals

For storage sizing and retention planning, use Storage and Recording Capacity.

Session Inventory and Recordings

Session inventory includes both active and completed lifecycle states, filtered by status, resource type, and visibility scope.

Use Sessions Overview for UI monitoring and list-sra-sessions for CLI-driven operational queries.

Session Recording

RDP Session Recording

RDP session recording refers to the process of capturing and storing the activities that occur during a Remote Desktop Protocol (RDP) session. These recordings create a video file of the entire session, preserving all user interactions within the remote desktop environment.

SRA allows you to automatically upload and store these video recordings in secure locations such as AWS S3 or Azure Blob Storage for long-term retention and review, or you can store them locally on the server.

Web Access Session Recording

Web access session recording captures browser-based web access sessions in Zero Trust Web Access (ZTWA). These recordings preserve the interactive web session and can be stored by using the ZTWA deployment configuration.

For full recording configuration options (quality, upload destination, compression, encryption, watchdog controls, and service-level overrides), see Web Access Session Recording.

Terminal-Based Sessions

For terminal-based sessions (such as SSH, DB, and Kubernetes), the system records a full transcript of the commands entered and their corresponding outputs. Session forwarding destination guidance is documented under Integrations and Automation.

ℹ️

Note:

Session recording and terminal session forwarding are different features. Use RDP Recordings for RDP video capture and Web Access Session Recording for browser-based ZTWA video capture.

Secret Locking and Rotation Timing

For sessions that use Static Secret and Rotated Secret items, Session Management supports the following controls:

  • Lock secret while session is active: Locks the secret for read and update actions while the SRA session is active.
  • Rotate after disconnection: Rotates the secret value when the SRA session ends.
  • Delayed rotation after disconnection: For rotated secrets, schedules rotation to run after a configured delay in minutes.

To configure these controls, open the relevant item and edit its Secure Remote Access settings in the Akeyless Console.

Session TTL Behavior

For standalone bastion deployments, the default session TTL is unlimited (0). In unified deployments, administrators can configure the session TTL in Gateway Remote Access settings.

For upgrade-phase validation and drift handling, see Version Drift and Upgrade Signals.

Hide Session Recording Indications

By default, a red blinking indicator appears to users to show that their session is being recorded. To hide the recording indicator, toggle the "Hide Session Recording Indications" slider in the "Remote Access" -> "Configuration" section within the Gateway settings in the UI.

Footer Section