Show HN: Kekkai – a simple, fast file integrity monitoring tool in Go

Monitoring/Observability

Show HN: Kekkai – a simple, fast file integrity monitoring tool in Go I built a tool called *Kekkai* for file integrity monitoring in production environments. It records file hashes during deployment and later verifies them to detect unauthorized modifications (e.g. from OS command injection or tampering).

Why it matters:

* Many web apps (PHP, Ruby, Python, etc.) on AWS EC2 need a lightweight way to confirm their code hasn’t been changed. * Traditional approaches that rely on metadata often create false positives. * Kekkai checks only file content, so it reliably detects real changes. * I’ve deployed it to an EC2 PHP application in production, and it’s working smoothly so far.

Key points:

* *Content-only hashing* (ignores timestamps/metadata) * *Symlink protection* (detects swaps/changes) * *Secure S3 storage* (deploy servers write-only, app servers read-only) * *Single Go binary* with minimal dependencies

Would love feedback from others running apps on EC2 or managing file integrity in production.

Show HN: Kekkai – a simple, fast file integrity monitoring tool in Go

Description

More from Hacker

Zirgen: Compiler for a Domain-Specific Language

Show HN: Miditui – a terminal app/UI for MIDI composing, mixing, and playback

PgX – Debug Postgres performance in the context of your application code

Charm Ruby – Glamorous Terminal Libraries for Ruby