Dashboard
System overview ·
Live Activity
Security Status
Server hardening and security posture
TLS Certificates
Public-facing HTTPS certificates served by the edge gateway. Auto-renewed via Let's Encrypt certbot timer. Green = more than 30 days. Amber = 8 to 30 days. Red = 7 days or fewer.
| Domain | Issuer | Expires | Days remaining | Status |
|---|---|---|---|---|
| Click Refresh to load. | ||||
Apple App Store Connect API
Health of the connection to Apple's developer API used for device registration, profile regeneration, and certificate management. Green = working. Amber = warning. Red = broken.
Backups
Daily automated backup to off-host S3 storage. Green = backup ran within last 24 hours. Amber = 2 to 3 days. Red = 4 days or more without a successful backup.
Services
SOLUS Location
Infrastructure
| Loading... |
Users
Registered SOLUS accounts
| Name | Username | Account Status | Last Active | App Registered? | App Version | Device Status | Manage Account |
|---|---|---|---|---|---|---|---|
| Loading... | |||||||
Conversations
Active end-to-end encrypted conversations
| Room ID | Members | Last Activity | Actions |
|---|---|---|---|
| Loading... | |||
Call Log
Voice call history
| Time | Caller | Recipient | Status | Duration |
|---|---|---|---|---|
| Loading... | ||||
Broadcast Message
Send an encrypted message to all SOLUS users via the broadcast room
Broadcast History
App Releases
SOLUS iOS device distribution
Upload New Release
Release History
| Version | Build | Size | Uploaded | By | Status | Actions |
|---|---|---|---|---|---|---|
| Loading... | ||||||
Audit Log
Tamper-evident security event record
| Time | User | Event | Category | IP Address | Outcome |
|---|---|---|---|---|---|
| Loading... | |||||
Vault
The vault is a locked safe that holds the most sensitive items SOLUS owns: the Apple signing certificate and password used to sign and release the iOS app. Storing these in the vault means no one (not even a system administrator) can read them directly from disk. The vault only opens when 3 of 5 unseal keys, held by separate trusted people, are entered together. In normal operation the vault stays open. It only locks itself when the server is restarted, and an administrator must open it again before iOS builds can be signed.
Is the vault open or locked?
Tells you whether the vault is currently open or locked. When it is locked, the SOLUS admin service cannot read the Apple signing items, which means new iOS builds cannot be signed or released.
Open the vault
Paste one unseal key, then click Submit key. Repeat with two more keys (different ones each time) until the vault is fully open. The five unseal keys live in the password managers of five separate trusted staff. No one person can open the vault on their own.
Test the secrets
Reads each of the Apple signing items from the vault to confirm they are stored correctly and the SOLUS admin service can read them. Run this after opening the vault to be sure everything works. Three rows showing OK means all good.
Backup copy
An extra encrypted copy of the Apple signing items, kept on disk separately from the vault itself. Used only for disaster recovery if the vault is ever destroyed and has to be rebuilt from scratch. The file is locked with a 50-character password held in a password manager. Without that password the file is useless to anyone who finds it.
Activity log
A permanent record of every time someone or something reads a secret from the vault. Used to spot unauthorised access. Each line shows the time and what was read. The actual secret values are never written to this log. Entries cannot be edited or deleted.
System Logs
Real-time service output
Federation
Federation lets users on this SOLUS deployment send messages to and receive messages from users on another agency's SOLUS deployment, when both agencies have explicitly approved each other. This is how interagency communication works. It is controlled by a strict allowlist: only the named SOLUS deployments below can exchange messages with this one. Federation is disabled by default. Internal messaging between users on this deployment does not use federation and is unaffected by anything on this page.
Status
Configuration preview. Changes are held in this browser session only and do not yet propagate to the server.
Audit
Every change made on this page will be recorded in the audit log when federation is activated.
Settings
Agency configuration. All changes are logged to the audit trail.
A legal hold prevents message deletion for a specific user or room, regardless of the global setting. Apply when a user or room is subject to an FOI request, litigation or investigation.
Select the regulatory framework that applies to your agency. The preset will suggest recommended settings. You must review and confirm before any changes are applied.
Log and track discovered vulnerabilities. Included in audit exports.
These values appear on the Containers page. Update them to reflect your deployment.