Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 20 Go zero-trust Projects
-
netbird
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
-
Pomerium
Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
-
Ory Oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
-
warrant
Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.
-
intents-operator
Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
-
in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
-
Werbot
🔑 Share access for teams - self-hosted solution for teams with single sign-on for easy, secure shared access to servers, databases or applications.
-
cloudflare-zero-trust-operator
K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05
Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
Option 3: Pomerium might be an alternative as well.
Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad, did to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:
Project mention: Show HN: Pico: An open-source Ngrok alternative built for production traffic | news.ycombinator.com | 2024-05-14I worked on a minimal self-hosted ziti for Docker here https://github.com/openziti/ziti/tree/release-next/quickstar... and minimal self-hosted zrok (includes ziti) for Docker here https://docs.zrok.io/docs/guides/self-hosting/docker/
...so, basically:
wget https://get.openziti.io/dock/all-in-one/compose.yml
Project mention: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting. | dev.to | 2024-04-30zrok - Aims for effortless sharing both publicly and privately. Supports multiple types of resources, including HTTP endpoints and files. Built on OpenZiti (see overlay section below). Apache 2 License. Written in Go.
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
Project mention: Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters | dev.to | 2024-01-10No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).
Project mention: Kubernetes Exposed: One YAML Away from Disaster | news.ycombinator.com | 2023-08-08https://github.com/openziti-test-kitchen/kubeztl/tree/main
disclosure: i am a maintainer and the software overlay in the middle (helps enforce outbound-only, pre-authorized connects only) needs to be managed (self-hosted foss or hosted saas), so there are still trade-offs.
Go zero-trust related posts
-
Show HN: Wag, MFA and Enrollment for WireGuard
-
Show HN: OpenZiti (Apache 2.0, P2P, E2E encrypted, full mesh overlay) is now 1.0
-
Werbot VS trasa - a user suggested alternative
2 projects | 9 Apr 2024 -
Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More
-
Securing CI/CD Images with Cosign and OPA
-
Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
-
Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
-
A note from our sponsor - InfluxDB
www.influxdata.com | 1 Jun 2024
Index
What are some of the best open-source zero-trust projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | netbird | 9,468 |
2 | Netmaker | 9,061 |
3 | immudb | 8,508 |
4 | cosign | 4,156 |
5 | Pomerium | 3,905 |
6 | boundary | 3,800 |
7 | Ory Oathkeeper | 3,180 |
8 | ziti | 2,175 |
9 | zrok | 2,143 |
10 | spire | 1,688 |
11 | warrant | 1,035 |
12 | intents-operator | 280 |
13 | in-toto-golang | 114 |
14 | sdk-golang | 91 |
15 | Werbot | 85 |
16 | spiffe-vault | 76 |
17 | sshizzle | 70 |
18 | cloudflare-zero-trust-operator | 46 |
19 | farmfa | 22 |
20 | kubeztl | 5 |
Sponsored