Scheduled access

Break-glass requests

An audited emergency path for opening a scheduled item outside its window — with approval, on Pro and Team.

Updated 2026-07-11

Sometimes production is on fire at 3 a.m. and the credential's window opens at 09:00. Break-glass is the designed escape hatch — deliberate, gated, and loud.

How it works

  1. A user requests out-of-window access to a specific item, with a reason.
  2. An authorized approver (per your org's roles) approves or denies it.
  3. On approval, the item becomes openable for a short grant period.
  4. Every step — request, approval, denial, and the unlock itself — is written to the append-only audit log, and relevant people are notified.

There is no silent override: break-glass by design cannot happen without leaving a trail.

Availability

Break-glass is available on Pro and Team plans. On personal accounts it lets you be your own approver with mandatory friction and logging; in orgs, the approver roles make it a real two-person control.

What it is not

Break-glass does not bypass encryption — the same key-unwrapping flow runs, just with an approved exception to the window. And nothing about it gives TimeLock the ability to read your data.

Ready for a vault that can't be read — even by us?

Start a free trial today. Your master password never leaves your browser, and any secret can be locked to a schedule.