⚖️ For Legal & GovTech

AI agents in court —
without holding the certificate.

Courts and government portals demand digital certificates and multi-factor logins. 4Keyless lets your AI agents and automations reach PJe, e-SAJ, Gov.br and international systems — while the private key never leaves the vault.

⚖️ PJe 📑 e-SAJ 🇧🇷 Gov.br 🔑 ICP-Brasil A1/A3 🇪🇺 eIDAS 🇺🇸 PIV / CAC

Automating court access is a credential minefield

Judicial and government systems were never designed for agents. Their authentication is exactly where automation breaks — and where secrets leak.

Without 4Keyless

  • The ICP-Brasil .pfx and its password get copied into scripts, bots and developer laptops
  • A1 certificates shared across a whole firm — impossible to know who filed what
  • Gov.br and court MFA prompts break unattended automations
  • No record tying a petition or query to a specific agent, case or operator
  • A leaked private key can sign on behalf of the certificate holder — legally binding

With 4Keyless

  • Certificates stay in HashiCorp Vault; the proxy performs mTLS so the agent never sees the key
  • Per-agent access policies — revoke a single bot without touching the certificate
  • TOTP and certificate-based logins injected automatically, no human in the loop
  • Every court request signed and logged: agent ID, system, URL, timestamp, client IP
  • Block any agent in seconds from the admin panel — no redeploy, no key rotation

Built for the systems lawyers actually use

One gateway, three certificate ecosystems — Brazil, the European Union and the United States.

🇧🇷

Brazilian courts & gov

Reach the judicial and government portals your practice depends on:

  • PJe — Processo Judicial Eletrônico (CNJ)
  • e-SAJ — tribunais estaduais (TJSP and others)
  • Gov.br — single sign-on for federal services
  • Projudi, Eproc and other tribunal portals

Authentication via ICP-Brasil A1 (software .pfx) and A3 (token/smartcard) certificates.

🇪🇺

European Union

Certificate-based access aligned with the EU trust framework:

  • eIDAS qualified certificates (QWAC / QSeal)
  • e-Justice Portal and national court e-filing
  • e-CODEX cross-border case exchange
  • National QTSP-issued client certificates

Mutual-TLS with the full certificate chain (PkiPath / p7s) preserved on upload.

🇺🇸

United States

Federal and state access for the US judiciary stack:

  • PACER and CM/ECF federal e-filing
  • Login.gov federal service sign-on
  • PIV / CAC smartcard client certificates
  • State court portals with TLS client auth

X.509 client certificates and TOTP injected by the proxy, never exposed to the agent.

How certificate injection works

Upload the certificate

Add your ICP-Brasil, eIDAS or PIV/CAC .pfx. 4Keyless validates the password, extracts the full chain (PkiPath) and stores it encrypted in Vault.

Define a policy

Bind agent groups to the court systems they may reach and the credential group to use. Add an ASK approval step for sensitive filings.

Agent calls the proxy

The agent makes a normal HTTPS request to PJe or PACER through 4Keyless — with no certificate, key or password in its context.

Proxy authenticates & logs

4Keyless completes the mTLS handshake or TOTP login with the upstream and records a signed, tamper-evident audit entry.

Designed for the duty of confidentiality

Legal and government data is among the most sensitive there is. 4Keyless keeps private keys out of agent context, enforces tenant isolation, and produces an Ed25519-signed trail of every access — supporting LGPD, GDPR and your professional duty of confidentiality.

4Keyless is a security and access-governance product, not a law firm. Nothing here is legal advice; how you automate court and government access should be validated with a qualified attorney and against each system's terms of use.

Give your agents court access, not your keys.

Free forever — no credit card. Deploy in minutes.