Updated 2026-07-11
Sometimes production is on fire at 3 a.m. and the credential's window opens at 09:00. Break-glass is the designed escape hatch — deliberate, gated, and loud.
How it works
- A user requests out-of-window access to a specific item, with a reason.
- An authorized approver (per your org's roles) approves or denies it.
- On approval, the item becomes openable for a short grant period.
- Every step — request, approval, denial, and the unlock itself — is written to the append-only audit log, and relevant people are notified.
There is no silent override: break-glass by design cannot happen without leaving a trail.
Availability
Break-glass is available on Pro and Team plans. On personal accounts it lets you be your own approver with mandatory friction and logging; in orgs, the approver roles make it a real two-person control.
What it is not
Break-glass does not bypass encryption — the same key-unwrapping flow runs, just with an approved exception to the window. And nothing about it gives TimeLock the ability to read your data.