The Modern, Open Source, Self-Hosted Zero Trust Network Access Platform
Octelium is Free and Open Source Software
Modern, Unified Zero Trust Network Access
Replace your Business VPNs and Traditional Remote Access Tools with a Modern, FOSS, Self-Hosted, Unified ZTNA Solution that Supports both Client-based Access as well as Clientless/BeyondCorp Access for both Humans and Workloads to Private/Internal Resources behind NAT Scattered Across Multiple Clouds and Environments as well as Protected Public Resources such as SaaS APIs and Databases
Much More than a Typical ZTNA
Octelium is a Unified Zero Trust Architecture that can Operate as a Comprehensive ZTNA/BeyondCorp Solution, a Remote Access VPN, an API/AI/MCP Gateway, a Programmable Reverse Proxy and Tunneling Infrastructure, a PaaS-like Platform, and More.
Secretless Access to APIs, SSH and Databases
Provide Dynamic Secretless Access to HTTP-based Resources without Sharing and Distributing API Keys to Users, to PostgreSQL and MySQL Databases without Sharing Passwords, to SSH Servers without Managing Keys and Certificates, as well as to Kubernetes Clusters without Sharing Kubeconfigs
Application-layer Aware Access Control
Access Control at the Application-layer (L7) (e.g. HTTP paths and methods, Kubernetes namespaces and verbs, PostgreSQL queries, etc.) using Identity-aware Proxies (IAPs) with Context-aware Policy-as-Code via CEL and OPA
Zero-Config Client-based ZTNA
Seamless Dual-Stack Client-based Access over WireGuard/QUIC Tunnels that Eliminates Traditional VPN Routing and NAT64 Problems with Automatic Centralized Private DNS
Clientless BeyondCorp Access for Humans and Workloads
Public Clientless BeyondCorp Access for both Humans via their Browsers as well as Workloads written in any Programming Language via Standard OAuth2 Authentication Flow and Bearer Authentication, Eliminating the Need to Use Clients or Special SDKs. Octelium even Supports Anonymous Access for Public Web Apps and APIs.
Built for Scalability and Availability
A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability
A Platform for Deployment, not just Access
A PaaS-like Platform to Effortlessly Deploy, Scale and Secure Access to Containerized Applications of any Kind.
Centralized, Declarative and Programmable Management
Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.
Integrate your OIDC/SAML SSO Providers
Seamlessly Integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2. Force Strong MFA via FIDO2 Phishing-Resistant Authenticators into Access Control to Sensitive Resources.
OpenTelemetry-native Real-time Visibility
OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers