Go zero-trust

Open-source Go projects categorized as zero-trust

Top 17 Go zero-trust Projects

  • immudb

    immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

    Project mention: Immudb release, open source tamper-evident database now supports Document Model | news.ycombinator.com | 2023-10-19
  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    Project mention: Connecting several hundreds IoT (raspberry pi's) devices with a VPN | /r/VPN | 2023-12-07

    My plan is to set up an EC2 instance and host a VPN, considering options like Netmaker, OpenVPN, or Tailscale. The goal is to connect these devices to the VPN, enabling SSH access from any connected node. This method seems cost-effective (considering I want to use 100s of devices and potentially 1000s) and straightforward, requiring a simple setup with a sudo apt command on the Raspberry Pi.

  • netbird

    Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

    Project mention: Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More | /r/SysAdminBlogs | 2023-11-17

    NetBird is a configuration-free, peer-to-peer private network combined with a centralized access control system. Utilizing a WireGuard-based overlay network, it ensures encrypted connections between machines without the need for complex configurations such as port openings, intricate firewall rules, or VPN gateways. Prioritizes security with intuitive management of granular access policies for secure remote access, applicable universally across any infrastructure. petr205 explains, "Their SaaS version is free up to 100 machines and 5 users, but the self-hosted version is exactly the same and has very low requirements."

  • cosign

    Container Signing

    Project mention: Securing CI/CD Images with Cosign and OPA | dev.to | 2023-11-15

    Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.

  • Pomerium

    Pomerium is a context-aware access gateway.

    Project mention: OAuth server for authorization | /r/googlecloud | 2023-12-05

    Option 3: Pomerium might be an alternative as well.

  • boundary

    Boundary enables identity-based access management for dynamic infrastructure.

    Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11

    no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly, https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad did, to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:

  • Ory Oathkeeper

    A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

  • spire

    The SPIFFE Runtime Environment (by spiffe)

  • ziti

    The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

    Project mention: Has anyone tried OpenZiti? | /r/selfhosted | 2023-07-07

    If you are not aware of what OpenZiti is, this is the description available on their website:

  • intents-operator

    Manage network policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.

    Project mention: Alternative to Network Policys | /r/kubernetes | 2023-02-02

    As you've mentioned, it is not possible to define deny rules using the native NetworkPolicy resource. Instead, you could use your CNI’s implementation for network policies. If you use Calico as your CNI you can use Calico's network policies to create deny rules. You can also take a look at Otterize OSS, an open-source solution my team and I are working on recently. It simplifies network policies by defining them from the client’s perspective in a ClientIntents resource. You can use the network mapper to auto-generate those ClientIntents from the traffic in your cluster, and then deploy them and let the intents-operator manage the network policies for you.

  • in-toto-golang

    A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

  • sdk-golang

    Ziti SDK for Golang

    Project mention: ngrok-go: embed ingress into your Go apps as a net.Listener | /r/golang | 2023-03-09

    - WRT app embedded: We have some examples in https://github.com/openziti/sdk-golang. Also, our documents on embedding into Prometheus (https://docs.openziti.io/blog/zitification/prometheus/part1/) and kubectl (https://docs.openziti.io/blog/zitification/kubernetes/) should be useful. This use case is basically what Ozone did - https://ozone.one/blog/ozone-zitifies-private-kubernetes-deployments-with-netfoundry.

  • sshizzle

    Serverless, Zero-Trust SSH for Microsoft Azure

  • spiffe-vault

    Integrates Spiffe and Vault to have secretless authentication

  • cloudflare-zero-trust-operator

    K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:

    Project mention: Cloudflare Zero Trust Operator for Kubernetes | /r/CloudFlare | 2022-12-20

    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - https://github.com/BojanZelic/cloudflare-zero-trust-operator//config/default?ref=0.1.7
    secretGenerator:
      - name: cloudflare-creds
        behavior: replace
        literals:
          - CLOUDFLARE_API_KEY=""
          - CLOUDFLARE_API_EMAIL=""
          - CLOUDFLARE_ACCOUNT_ID=""
          - CLOUDFLARE_API_TOKEN=""

  • farmfa

    TOTP MFA for teams: Shamir's Secret Sharing and zero trust OTP generation

  • kubeztl

    A zitified kubernetes client

    Project mention: Kubernetes Exposed: One YAML Away from Disaster | news.ycombinator.com | 2023-08-08


    disclosure: i am a maintainer and the software overlay in the middle (helps enforce outbound-only, pre-authorized connects only) needs to be managed (self-hosted foss or hosted saas), so there are still trade-offs.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-12-07.

What are some of the best open-source zero-trust projects in Go? This list will help you:

#   Project                         Stars
1   immudb                          8,388
2   Netmaker                        8,377
3   netbird                         7,095
4   cosign                          3,762
5   Pomerium                        3,720
6   boundary                        3,713
7   Ory Oathkeeper                  3,082
8   spire                           1,564
9   ziti                            1,534
10  intents-operator                260
11  in-toto-golang                  108
12  sdk-golang                      68
13  sshizzle                        68
14  spiffe-vault                    65
15  cloudflare-zero-trust-operator  35
16  farmfa                          22
17  kubeztl                         3