31 repositorios
Tools and configurations for managing and applying client-side certificates to secure API requests.
Distinguishing note: Focuses specifically on certificate-based authentication for API clients, distinct from general credential management.
Explore 31 awesome GitHub repositories matching security & cryptography · Client Certificate Authentication. Refine with filters or upvote what's useful.
This project is a terminal-based HTTP client designed for interacting with web services, debugging APIs, and automating network requests. It provides a specialized command-line interface that simplifies the construction of complex HTTP exchanges, allowing users to test and inspect web services directly from the shell. The tool distinguishes itself through a declarative syntax engine that translates shorthand command-line tokens into fully formed HTTP requests, including headers, parameters, and body payloads. It features a modular, plugin-based architecture that enables users to extend core f
Authenticates with servers using client-side SSL certificates and private keys.
Pingora is a Rust-based framework for building high-performance network services, including HTTP reverse proxies, layer seven load balancers, and TLS termination proxies. It serves as an asynchronous network library designed to intercept and route HTTP, gRPC, and WebSocket traffic between clients and upstream backend servers. The project enables zero-downtime service updates by handing over listening sockets between processes during binary or configuration upgrades. It utilizes a programmable multi-phase pipeline to modify request and response bodies and headers, and it provides a pluggable T
Validates client digital certificates during secure handshakes to ensure authorized peer connectivity.
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
Validates client identity by verifying certificates against a trusted certificate authority or mapping attributes to user identities.
This project is an automated reverse proxy and load balancer designed for containerized environments. It functions by monitoring container lifecycle events through the container runtime API, allowing it to dynamically generate and update web server configurations in real time as services start, stop, or change their network status. The system distinguishes itself through its ability to orchestrate proxy processes without dropping active connections, ensuring continuous availability during configuration updates. It utilizes a template-based engine to map container metadata to routing logic, en
Verifies incoming traffic using basic authentication or client certificates to ensure only authorized access.
Temporal is a distributed workflow orchestration engine designed to manage fault-tolerant, stateful, and long-running background processes. It functions as a platform for coordinating complex cross-service operations, ensuring consistency and reliability in distributed environments by decoupling workflow orchestration from task execution. The platform distinguishes itself through a deterministic, event-sourced execution model that reconstructs workflow state by re-executing code from an immutable event log. This approach isolates non-deterministic side effects into managed activities, allowin
Secures communication between clients and the platform by requiring valid cryptographic certificates for service identity verification.
Telegraf is a modular, cross-platform telemetry pipeline designed to collect, process, and route metrics from diverse infrastructure, applications, and hardware. It functions as a server-side middleware that normalizes heterogeneous data into a unified format, enabling consistent monitoring across complex environments. By utilizing a plugin-driven architecture, the agent manages the entire lifecycle of telemetry data from initial ingestion to final transmission. The project distinguishes itself through a declarative, configuration-driven execution model that allows users to define complex dat
Manages client-side certificates to establish secure connections and authenticate with remote servers.
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
Supports client-side certificate authentication to enable secure communication with protected target servers.
This project is a comprehensive Python network request framework designed for both synchronous and asynchronous HTTP communication. It provides a high-performance client capable of executing non-blocking requests within event-driven applications, while also supporting standard blocking calls for simpler scripts. The library is built to operate natively across diverse asynchronous runtimes, automatically detecting and utilizing the underlying event loop for concurrency. What distinguishes this library is its modular architecture, which decouples request construction from network execution thro
Provides local certificate files to verify client identity during the handshake process.
Got is a promise-based HTTP request library for Node.js that supports HTTP/2 and streaming. It provides a system for making network requests with a focus on asynchronous control flow and type-safe API client development. The library is distinguished by its middleware-based request lifecycle, which uses interceptors and plugins to modify request options and response data. It includes a configurable automatic retry mechanism with backoff strategies, a built-in HTTP response cache, and a cookie-jar system for maintaining persistent sessions. Broad capabilities cover data handling through duplex
Allows attaching SSL certificates and private keys to secure client-server handshakes.
OpenVPN is a cross-platform networking solution that establishes secure virtual private network connections by wrapping data traffic within encrypted tunnels. It functions as a server-side application that authenticates remote endpoints and routes encrypted traffic to provide access to private network resources across untrusted public networks. The software utilizes standard cryptographic protocols to perform mutual authentication and key exchange over a dedicated control channel. It verifies the identity of remote systems through certificate-based authentication, ensuring that only trusted e
Verifies X509 certificate fields during the handshake to confirm the identity of remote systems.
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
Validates the identity of log processors and remediation components using API keys and TLS certificates.
Posting is a terminal-based HTTP request manager designed for developing, testing, and documenting API endpoints. It functions as a keyboard-driven interface that allows users to execute requests, manage collections, and inspect server responses directly within the command line environment. By storing request configurations as plain text files on the local filesystem, the tool ensures that API definitions remain compatible with standard version control systems. The project distinguishes itself by treating API collections as version-controlled assets, enabling users to migrate existing workflo
Supports mutual TLS authentication by providing local certificate and key files for secure connections.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Saves root certificates and connection details to local files to simplify client authentication.
rustls is a memory-safe implementation of the Transport Layer Security protocol written in Rust. It provides a cryptographic stack for secure network communication, supporting both TLS 1.3 and 1.2 standards for client and server implementations. The project is designed as a modular cryptographic library that allows swapping underlying cryptographic backends and primitive providers to meet specific security or performance requirements. It incorporates a post-quantum cryptography stack, utilizing hybrid key exchanges and signatures to protect data against future quantum computing threats. The
Verifies the identity of connecting clients by checking digital certificates and validating them against revocation lists.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Imports client certificates in PEM, DER, or PKCS12 formats for mutual TLS authentication.
Bombardier is a concurrent HTTP load generator and performance benchmarking tool written in Go. It functions as a latency distribution analyzer and benchmarking utility designed to measure the throughput and response speed of HTTP services by simulating high-volume request loads. The tool provides specific capabilities for TLS benchmarking, supporting client certificate authentication and the ability to bypass server certificate verification. It distinguishes itself through the use of a token-bucket algorithm for precise request rate limiting and the use of templates to export benchmark resul
Uses client certificates and private keys to establish secure TLS connections during benchmarks.
Feast is an open-source feature store for machine learning that provides a central platform for defining, storing, and serving features across both training and inference workflows. It operates as a declarative system where feature definitions are written as code in Python files, synchronized to a central registry, and made available for low-latency online retrieval or point-in-time correct historical joins for training datasets. The project abstracts storage behind a pluggable architecture, allowing offline and online backends to be swapped without changing retrieval logic, and coordinates ma
Requires clients to present a certificate signed by a trusted CA for mutual authentication on server connections.
Headlamp is a Kubernetes web interface that runs as either a desktop application or a browser-based dashboard, providing a unified view for managing resources across multiple clusters. It supports authentication through OpenID Connect providers and kubeconfig files, and renders the UI according to the user's Kubernetes RBAC permissions, hiding or disabling actions that are not permitted. The project distinguishes itself through a plugin system that allows extending the dashboard with custom views, components, and business logic without modifying the core code. Plugins can be installed from a
Uses a client certificate to verify identity and grant access to the cluster resources.
Metrics Server is a lightweight, single-purpose daemon that collects CPU and memory usage data from every node and pod in a Kubernetes cluster and exposes those metrics through a standard Kubernetes API endpoint. It registers as an aggregated extension API server behind the Kubernetes apiserver, making resource utilization data available to the Horizontal Pod Autoscaler and Vertical Pod Autoscaler for automatic replica count and resource request adjustments. The project distinguishes itself by operating as a focused, in-cluster resource metrics collector that polls kubelet summary endpoints a
Validates incoming proxy requests using signed client certificates to ensure they originate from the Kubernetes apiserver.
wstunnel is a tool that tunnels arbitrary TCP traffic through WebSocket connections, enabling communication across restrictive firewalls and proxies. It operates as both a client and server, encapsulating TCP data within WebSocket binary frames and multiplexing multiple connections over a single WebSocket link. The tool supports mutual TLS authentication, requiring clients to present signed certificates for verification before establishing a tunnel, and provides shared secret access control and tunnel forwarding restrictions for additional security. The project distinguishes itself by offerin
Authenticates clients by validating X.509 certificates during the TLS handshake, requiring a trusted certificate authority chain.