An Open Source, Self-Hosted PaaS for Deployment, Hosting and Secure as well as Public Access

Seamlessly Deploy Containers via Octelium and Provide Secure as well as Public Anonymous Access for your Containerized Microservices such as APIs, Blogs and Development as well as Production Web Applications.

A Unified Zero Trust Architecture that Supports both the Private VPN-like Client-based Mode over WireGuard/QUIC Tunnels as well as the Client-less Public BeyondCorp Mode via Browsers.

Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2.

Application-layer Aware Access Control via Identity-based Context-aware ABAC and Policy-as-Code via CEL and Open Policy Agent (OPA)

Provide Unified Access to all your REST and gRPC APIs for your Workloads written in any Programming Language via Standard OAuth2 Client-Credentials Flow without having to use Special SDKs

Designed to be Administered like Kubernetes via DevOps/GitOps-friendly Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.

A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers

Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based one-time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce Using Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.