Ever missed a certificate renewal and had a production outage? Or forgot to renew a software license until it was too late? I built CLARES to make sure that never happens again.
What is CLARES?
CLARES stands for Compliance License & Asset Reminder Engine System. It's a full-stack web application that tracks expiry dates of SSL certificates, software licenses, compliance certificates, and any custom asset type your organization manages — and sends email reminders before things expire.
I built it because every team I've worked with has the same problem: critical renewals tracked in spreadsheets, emails, or someone's memory. CLARES replaces all of that with a single, centralized dashboard.
The Problem
In any enterprise environment, you're juggling dozens (or hundreds) of:
- π SSL/TLS Certificates — expiring silently until your website goes down
- π Software Licenses — renewal dates buried in procurement emails
- π Compliance Certificates — audit deadlines that sneak up on you
- π API Keys, Tokens, Secrets — rotating credentials on schedule
The cost of missing even one renewal can be significant — from service outages to compliance violations. CLARES gives you a single pane of glass with urgency-based grouping and automated email reminders.
How It Works
Step 1: Login — Users authenticate with username/password. The server validates credentials, checks the account is active, and issues a JWT token (8-hour expiry). Deactivated accounts get a clear error message — no cryptic "session expired" nonsense.
Step 2: Dashboard — The home page auto-fetches all renewal items and groups them into four urgency buckets: Expired, Critical (≤14 days), Warning (≤30 days), and Upcoming (≤90 days). Summary cards show counts per catalog type.
Step 3: Manage Catalogs — The sidebar lists all catalog types. Click any catalog to view, add, edit, or delete entries. Upload up to 500 rows at once via CSV bulk import. Add custom catalog types beyond the built-in ones.
Step 4: Granular Permissions — Global admins see everything. Other users get per-catalog roles: No Access, View (read-only), or Admin (full CRUD). A user can be a viewer globally but an admin for specific catalogs. Permissions are enforced on both frontend and backend.
Step 5: Email Reminders — Configure SMTP settings from the admin page, test the connection, send a test email, then trigger reminders. Each item has its own reminder config — how many days before expiry and how many times to repeat. The system calculates exact send dates by evenly spacing repeats within the window (e.g. 30 days / 3 repeats → reminders at 30, 20, and 10 days before expiry).
Step 6: Automatic Scheduler — Enable the daily auto-reminder from Admin Settings and pick an hour (server time). A background scheduler checks every 60 seconds and fires once per day. A reminder_logs table tracks which reminder number has been sent per item — no duplicates, and missed reminders are caught up automatically.
Tech Stack
| Layer | Technology |
|---|---|
| Frontend | React 18, Vite 5, React Router v6 |
| Backend | Node.js 20, Express 4 |
| Database | PostgreSQL |
| Auth | JWT + bcrypt |
| Nodemailer (configurable SMTP) | |
| Deployment | Docker (multi-arch), Helm, Kubernetes |
Architecture
Vite + Router v6
Node.js + JWT
Database
The frontend is a React SPA built by Vite into static files. Express serves both the static files and the REST API on the same port. Authentication is stateless via JWT — no server-side sessions. The whole thing is packaged into a single Docker image using a multi-stage build.
Key Features
π Smart Dashboard
Items are automatically grouped by urgency. No more scanning through spreadsheets — you instantly see what needs attention. Summary cards give you counts per catalog type at a glance.
π Flexible Catalogs
Three built-in catalog types (Certificates, Licenses, SSL Certs) plus unlimited custom types. Each catalog tracks items with name, environment, expiry date, owner, notes, and per-item reminder settings.
π€ Bulk CSV Upload
Download a CSV template, fill it in, and upload up to 500 rows at once. Perfect for initial data migration or when you inherit a spreadsheet full of renewal dates.
π₯ Granular User Permissions
This was one of the trickier features. The permission model has two layers:
- Global role: Admin (everything) or Viewer (read-only)
- Per-catalog role: No Access, View, or Admin for each individual catalog
A user can be a global Viewer but have Admin rights on specific catalogs. This means you can delegate management of SSL certificates to the infra team without giving them access to license data.
π§ Smart Email Reminders
Configure any SMTP server (Exchange, Gmail, etc.) from the admin UI. Test the connection, send a test email, then trigger reminders. Each item can have its own reminder settings — how many days before expiry, and how many times to repeat.
The system calculates exact reminder dates by evenly spacing the repeat count within the reminder window. For example:
SSL cert expires June 10 · Remind 30 days before · Repeat 3 times
- Reminder 1 → May 11 (30 days before)
- Reminder 2 → May 21 (20 days before)
- Reminder 3 → May 31 (10 days before)
Emails include the reminder number (e.g. "reminder 2 of 3") and a color-coded status — red for ≤7 days, amber for ≤14, green for 14+.
⏰ Automatic Daily Scheduler
No more relying on someone clicking "Send Reminders" manually. Enable the automatic reminder scheduler from Admin Settings, pick an hour (0–23, server time), and CLARES handles the rest:
- Background check runs every 60 seconds
- Fires once per day at the configured hour
- A
reminder_logstable tracks which reminder number has been sent per item — no duplicate emails - If the server was down on a reminder date, it catches up automatically on the next run
- All activity logged in pod logs for observability
π Security
- Passwords hashed with bcrypt (12 rounds)
- JWT tokens with configurable expiry (default 8 hours)
- Role-based access control on every API endpoint
- Case-insensitive login
- Inactive account detection with clear error messaging
- Sessions in sessionStorage — cleared on tab close
Deployment: Docker + Helm
The app is containerized with a multi-stage Dockerfile and supports multi-architecture builds (amd64/arm64). For Kubernetes deployment, there's a complete Helm chart with:
- Deployment, Service, ConfigMap, Secret, and optional Ingress templates
- Separate values files for minikube (local dev) and production
- PostgreSQL deployed via the Bitnami Helm chart
- One-command database initialization:
kubectl exec deployment/clares -n clares -- node server/setup.js
The setup script is idempotent — it creates tables only if they don't exist and seeds a default admin user when the users table is empty. Safe to run multiple times.
Quick Start
# Clone the repo git clone https://github.com/DevOpsArts/clares.git cd clares # Option 1: Local development npm install cp .env.example .env # Edit with your DB credentials npm run setup-db npm run dev # Frontend → :5174, API → :3002 # Option 2: Kubernetes with Helm helm install clares-postgres bitnami/postgresql \ --set auth.database=clares --set auth.username=clares \ --namespace clares --create-namespace helm install clares ./helm/clares-engine \ -f ./helm/clares-engine/values-minikube.yaml \ --namespace clares kubectl exec deployment/clares -n clares -- node server/setup.js # Login with admin / admin
Try It Out
CLARES is open source on GitHub: github.com/DevOpsArts/clares
Check out the project page: devopsarts.github.io/clares
If you're managing renewal dates in spreadsheets, give CLARES a try. It takes under 5 minutes to deploy and the default admin account is ready out of the box.
Built with React 18, Node.js, Express, PostgreSQL, Docker, and Helm. Deployed on Kubernetes.
Post a Comment