Octelium
Documentation

Access Methods

Cordium Workspaces are accessible through four methods: the web portal, the cordium CLI, SSH, and the gRPC API.

Web Portal

The Cordium portal is a browser-based interface for managing and interacting with Workspaces without installing any software. It is the primary interface for users and teams who want clientless access to their Workspaces.

The Octelium web portal authenticates HUMAN Users through Octelium's IdentityProviders, including GitHub OAuth2 or any OpenID Connect or SAML 2.0 IdP (read more here). After successful authentication, an Octelium Session is established and persisted in the browser.

Once authenticated, Users can visit the Cordium web portal at the URL https://cordium.<domain>. The portal provides a dashboard showing all Workspaces owned by the authenticated user, their current state, and basic metadata. From the dashboard, users to manage their Workspaces. The portal includes a full-featured browser-based terminal that connects to a running Workspace.

Workspace applications (read more here) are accessible through the portal's reverse proxy. Each application is reachable at a subdomain of the portal domain:

  • The default application: <workspace>.cordium.<domain>

  • Named applications: <app>_<workspace>.cordium.<domain>

  • Specific ports: port_<number>_<workspace>.cordium.<domain>

The portal handles the OAuth2 authorization code flow for GitProvider authentication. When a user needs to authenticate with a GitProvider (GitHub, GitLab, or a custom OAuth2 provider) for a Template that references one, the flow proceeds entirely through the portal. Subsequent Workspace starts from that Template automatically inject the stored token. Tokens older than 90 days are cleaned up automatically.

CLI

The cordium CLI is the primary tool for day-to-day Workspace management from a terminal. It provides access to the full Cordium API with a command structure designed around common workflows. You can find the dedicated guide page for CLIs here.

SSH Access

Cordium provides standard, secretless SSH access to Workspaces via a dedicated SSH Octelium Service that's implemented by an identity-aware proxy in the Cluster. Cordium Workspaces do not use traditional SSH key-based authentication. Authentication is handled at the Octelium Cluster using the user's session identity. The cordium ssh command manages this transparently. For direct SSH access without the CLI (for editors like VS Code Remote SSH or JetBrains Gateway), generate an SSH config fragment:

export OCTELIUM_DOMAIN=<DOMAIN> # First, connect to the Cluster octelium connect -d # Then print the SSH config cordium ssh --print-config abc >> ~/.ssh/config # Now SSH into the Workspace as follows ssh cordium-abc # Use other tools such as rsync, code, zed rsync -P cordium-abc:/home/ubuntu/octelium/bin/octelium /tmp
note

You can also use cordium ssh command to SSH into a Workspace via an embedded SSH client inside the cordium CLI. You can read more here.

API

The complete Cordium API is exposed over gRPC. This is the interface used by the cordium CLI and the web portal. You can read the dedicated API page here.