7 مستودعات
Processes for reviewing and authorizing new devices before network access is granted.
Distinguishing note: Focuses on the administrative approval step rather than automated registration.
Explore 7 awesome GitHub repositories matching security & cryptography · Device Approval Workflows. Refine with filters or upvote what's useful.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Ensures only verified hardware gains network access through an administrative review process.
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
Requires manual administrative authorization for new devices before they are permitted to join the network.
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Requires administrative review and approval for new devices before granting network access.
Zigbee2mqtt is a service that functions as a bridge between Zigbee radio signals and the MQTT messaging protocol. It acts as a smart home hardware controller, enabling the management and communication of sensors, lights, and switches through local USB or network-based radio adapters. The project serves as a network manager for local mesh environments, handling the pairing of new hardware and the ongoing administration of device connections. It translates proprietary radio payloads into standardized data structures using a declarative schema, ensuring that device states are reconciled in real
Guides the secure connection of new hardware to a local network by managing discovery and joining procedures.
Moltworker is an AI agent sandbox and model orchestrator designed for the secure execution of untrusted code and shell commands generated by large language models. It functions as a gateway proxy that routes requests to multiple AI providers through a unified interface, integrating a container runtime backed by S3-compatible object storage to persist state across ephemeral lifecycles. The system distinguishes itself by combining an AI model orchestrator with a headless browser controller for automated web scraping and screenshot capture. It manages the full lifecycle of AI agents, including m
Implements an administrative approval workflow in a web interface before new client devices can connect.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Tracks approved devices and hardware identifiers to serve as the basis for access policies.
Kaneo is an open-source project management platform built around a kanban board interface for organizing tasks into columns with drag-and-drop status management. It functions as a self-hosted task manager that supports multiple workspaces, organizations, and role-based access control, with all persistent data stored in a PostgreSQL relational database and exposed through a RESTful JSON API. The platform distinguishes itself through deep external integration capabilities, connecting project workflows to GitHub, Gitea, Slack, Discord, and Telegram with automated event-driven actions. A webhook
Provides a web-based interface for users to manually review and approve device authorization requests.