Private alpha

Connect through the TLS proxy after founder approval.

KeyNest private alpha is a founder-operated Valkey endpoint for accepted design partners. Billing, self-serve provisioning, multi-tenant isolation, SLA, and compliance commitments are not active.

Endpoint: redis.keynest.dev:6380
Protocol: Valkey RESP over TLS with password authentication.
Access: Port 6380 is public for Lambda clients; SSH and raw Valkey stay firewall-restricted.
Backups: restic backup timer plus restore verification before the endpoint is marked usable.
Lifecycle: Each design-partner database has founder metadata, quota notes, backup status, and credential version history.
Gates: Access, metering, restore, monitoring, and incident evidence must pass before expanding private-alpha usage.

redis-cli smoke test

# REDISCLI_AUTH keeps the password out of the process argument list (unlike -a).
REDISCLI_AUTH="$KEYNEST_VALKEY_PASSWORD" redis-cli --tls -h redis.keynest.dev -p 6380 PING

Repository smoke test

KEYNEST_VALKEY_HOST=redis.keynest.dev \
KEYNEST_VALKEY_PORT=6380 \
KEYNEST_VALKEY_PASSWORD="$KEYNEST_VALKEY_PASSWORD" \
npm run service:verify

Founder lifecycle record

go run ./cmd/founderctl alpha create \
  --id acme-cache \
  --owner "Acme" \
  --support-contact ops@example.com \
  --workload sessions \
  --provider digitalocean \
  --region nyc3 \
  --plan cost-optimized-alpha \
  --endpoint redis.keynest.dev:6380

Readiness gate

npm run service:usage -- --host redis.keynest.dev --port 6380 --tls
npm run phase1:restore-drill -- --host redis.keynest.dev --port 6380 --tls
go run ./cmd/founderctl alpha check-gates --id acme-cache

Before connecting traffic

  • Confirm the workload qualifies for private alpha and has a named support contact.
  • Create a founder lifecycle record before sharing credentials.
  • Use the runtime password shared out of band.
  • Use the public CA certificate for normal TLS verification.
  • Use TLS and set explicit connection timeouts.
  • Do not store production secrets, regulated data, or unrecoverable state during private alpha.

First client: Emcognito

  • emcognito-new-ui runs on Lambda, so no source CIDR is required.
  • Store the KeyNest password in the Emcognito secret manager.
  • Use a key prefix such as emcognito:<service>:<purpose>:<id>.
  • Start with a low-risk cache or rate-limit workload with TTLs.
  • Keep the current backend available behind a feature flag for rollback.
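
The two checklists above (verified TLS, explicit timeouts, the emcognito key prefix, TTLs on every write) combined in one added Node.js example; it is not KeyNest or Emcognito code. It uses only built-in modules and a hand-written RESP encoder, and the service name new-ui and purpose smoke are constructed values.

```javascript
// Added example. HOST and PORT come from this page; 'new-ui' and 'smoke' are constructed values.
const HOST = 'redis.keynest.dev';
const PORT = 6380;

// Build emcognito:<service>:<purpose>:<id>; reject parts that would break the scheme.
function keyFor(service, purpose, id) {
  const parts = [service, purpose, String(id)];
  for (const p of parts) {
    if (!/^[A-Za-z0-9._-]+$/.test(p)) throw new Error(`invalid key part: ${JSON.stringify(p)}`);
  }
  return ['emcognito', ...parts].join(':');
}

// Encode one command as a RESP array of bulk strings; lengths are byte lengths.
function resp(...args) {
  return `*${args.length}\r\n` + args.map((a) => {
    const s = String(a);
    return `$${Buffer.byteLength(s)}\r\n${s}\r\n`;
  }).join('');
}

// Refuse to build a write that has no positive integer TTL (seconds).
function setWithTtl(key, value, ttlSeconds) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0) throw new Error('TTL required');
  return resp('SET', key, value, 'EX', ttlSeconds);
}

// Verified TLS plus a hard timeout, then AUTH and one expiring write, pipelined.
async function smokeTest(password, timeoutMs = 3000) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const sock = tls.connect({ host: HOST, port: PORT, servername: HOST, rejectUnauthorized: true });
    const fail = (err) => { sock.destroy(); reject(err); };
    sock.setTimeout(timeoutMs, () => fail(new Error(`no reply within ${timeoutMs} ms`)));
    sock.once('error', fail);
    sock.once('secureConnect', () => {
      sock.write(resp('AUTH', password) + setWithTtl(keyFor('new-ui', 'smoke', 1), 'ok', 60));
    });
    let buf = '';
    sock.on('data', (chunk) => {
      buf += chunk;
      if (/(^|\r\n)-/.test(buf)) return fail(new Error(buf.trim()));
      if (buf === '+OK\r\n+OK\r\n') { sock.end(); resolve(true); }
    });
  });
}
```

To run it against the endpoint, call `smokeTest(process.env.KEYNEST_VALKEY_PASSWORD)` with the password loaded from the secret manager; it resolves to `true` only when both AUTH and the expiring SET return OK.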