Add Ephemera to Identity Management - Tools and web interfaces

[Qarait]

• Your additions are Free software
• Software you are submitting is not your own, unless you have a healthy ecosystem
• Submit one item per pull request
• Format your submission correctly
• Additions are inserted preserving alphabetical order
• Additions are not already listed at awesome-selfhosted
• The Language tag is the main server-side requirement
• You have searched for relevant issues or PRs
• Any software project you are adding is actively maintained
• The pull request title is informative

---

Why is it awesome?
Ephemera eliminates static SSH keys with short-lived certificates (5-15 min), enforces hardware-backed WebAuthn MFA, provides cryptographically verifiable audit trails, and supports HSM integration — all self-hosted with zero external dependencies.

Have you used it? For how long?
Yes, I built and maintain it. In active use for several months.

Is this in a personal or professional setup?
Personal homelab and development environment.

How many devices/users/services do you manage with it?
5+ servers across Docker and WSL2 environments.

Biggest pros/cons compared to other solutions?
Pros: Self-hosted, WebAuthn MFA, explicit RBAC, Docker-ready, SoftHSM support, documented threat model.
Cons: Newer project compared to established solutions like Smallstep.

Any other comments?
OpenSSF Best Practices badge, Codacy Grade A, comprehensive documentation including threat model and disaster recovery guides.