Drift Detection

Lockwave detects when authorized_keys files have been manually modified.

Drift occurs when someone manually edits an authorized_keys file outside of Lockwave.

How It Works

On every sync cycle, the daemon:

  1. Reads the current authorized_keys file
  2. Compares it against the desired state from the control plane
  3. Reports any differences as drift
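
The comparison in steps 1 to 3 can be sketched as follows. This is an added example, not Lockwave's own code: it assumes keys are matched by the SHA256 fingerprint of the key blob, and the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # OpenSSH key type prefixes

def strip_options(line):
    """Drop a leading options field; quoted option values may contain spaces."""
    if line.startswith(KEY_TYPES):
        return line
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[i:].lstrip()
    return ""

def fingerprints(text):
    """Map SHA256 fingerprint -> comment for every key line in an authorized_keys text."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not keys
        fields = strip_options(line).split(None, 2)
        try:
            blob = base64.b64decode(fields[1], validate=True)
        except (IndexError, ValueError):
            found["unparsed:" + line] = ""  # surface unparsable lines as drift too
            continue
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        found["SHA256:" + digest] = fields[2] if len(fields) > 2 else ""
    return found

def detect_drift(actual_text, desired_text):
    """Compare the file on disk with the desired state and report the differences."""
    actual, desired = fingerprints(actual_text), fingerprints(desired_text)
    return {
        "added": {fp: c for fp, c in actual.items() if fp not in desired},
        "removed": {fp: c for fp, c in desired.items() if fp not in actual},
    }

def _blob(label):
    """Constructed stand-in for a public key blob (not a real key)."""
    return base64.b64encode(label.encode()).decode()

# Constructed sample data: desired state vs. a hand-edited file on a host.
DESIRED = f"ssh-ed25519 {_blob('alice')} alice@laptop\nssh-ed25519 {_blob('bob')} bob@desk\n"
ACTUAL = (f"# edited by hand\nssh-ed25519 {_blob('alice')} alice@laptop\n"
          f'command="/usr/bin/backup ssh-run",no-pty ssh-ed25519 {_blob("contractor")} temp-access\n')

if __name__ == "__main__":
    print(detect_drift(ACTUAL, DESIRED))
```

Matching on the fingerprint alone means a changed comment or a changed options field on an existing key is not reported; compare the options string as well if that distinction matters.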

Drift Status

Hosts with drift are marked with a drift status badge in the hosts list. Click on the host to see details about which keys were added or removed manually.

Resolution

Lockwave automatically corrects drift on the next sync cycle by overwriting the authorized_keys file with the desired state. This is the core of atomic enforcement — the control plane is always the source of truth.