11 repository-uri
Protocols for verifying machine identities using cloud-based credentials.
Distinguishing note: Focuses on machine-to-machine authentication flows, distinct from user-facing authentication.
Explore 11 awesome GitHub repositories matching security & cryptography · Machine Identity Authentication. Refine with filters or upvote what's useful.
Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports
Establishes secure sessions for accessing secrets by verifying machine identities through cloud-specific credentials.
Telegraf is a modular, cross-platform telemetry pipeline designed to collect, process, and route metrics from diverse infrastructure, applications, and hardware. It functions as a server-side middleware that normalizes heterogeneous data into a unified format, enabling consistent monitoring across complex environments. By utilizing a plugin-driven architecture, the agent manages the entire lifecycle of telemetry data from initial ingestion to final transmission. The project distinguishes itself through a declarative, configuration-driven execution model that allows users to define complex dat
Uses managed identities to securely connect to database instances without requiring hardcoded passwords.
This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a
Uses managed identities and service account credentials to securely authorize DNS record management and certificate signing requests.
Wandb is a centralized platform for machine learning experiment tracking, model registry management, and workflow orchestration. It provides a comprehensive suite of tools for logging, visualizing, and versioning training metrics, model artifacts, and hyperparameter sweeps to ensure reproducibility across development cycles. The platform also functions as an observability tool for large language model applications, enabling the tracing of execution steps, token usage, and reasoning processes. The project distinguishes itself through its event-driven automation capabilities, which allow users
Configures local credentials to securely authenticate development environments with remote tracking services.
KEDA is a Kubernetes event-driven autoscaler and cloud event scaling engine. It functions as a custom metrics provider that monitors external event sources—including message brokers, databases, and cloud metrics—to dynamically adjust the replica counts of containerized workloads. The project is distinguished by its scale-to-zero workflow, which reduces workloads to zero replicas during inactivity and automatically restarts them when new events are detected. It operates as a multi-cloud event trigger system, using a pluggable scaler interface to integrate with a wide array of third-party servi
Retrieves secrets and credentials from cloud identity providers or vault managers to securely connect to event sources.
Lego is an ACME certificate manager and lifecycle tool used to automate the request, renewal, and revocation of SSL and TLS certificates. It implements the ACME protocol to communicate with compliant certificate authorities and manages the full issuance process, including account registration and private key rollovers. The project distinguishes itself through extensive DNS automation, utilizing a provider-based abstraction to solve DNS-01 challenges across various third-party DNS providers. It supports advanced verification workflows such as CNAME-based challenge delegation, DNS zone discover
Uses Azure workload and managed identities to authenticate with DNS services.
The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang
Uses OAuth 2.0 client credentials and enterprise frameworks for non-interactive machine-to-machine authentication.
Model Context Protocol is a standardized framework for connecting large language models to external data sources and executable tools. It enables the creation of a universal interface where servers expose tools, resources, and prompts that can be discovered and utilized by various AI clients. The protocol utilizes a JSON-RPC message system that is transport-agnostic, supporting both standard input/output for local processes and HTTP with server-sent events for remote connections. It emphasizes security and control by delegating model sampling to the client to keep API keys secure from servers
Handles security between services using client credentials to enable non-interactive machine authentication.
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
Provides secure machine-to-machine authentication using dedicated API keys in request headers.
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
Verifies identity of automated services, microservices, or AI agents in real-time with instant credential revocation.
Pomerium este un reverse proxy de tip zero-trust, conștient de identitate, conceput pentru a securiza aplicațiile interne și infrastructura fără a fi nevoie de un VPN tradițional. Prin verificarea fiecărei cereri printr-un furnizor de identitate și un motor de politici declarativ, acesta asigură că accesul este acordat pe baza identității utilizatorului, contextului dispozitivului și atributelor cererii, mai degrabă decât pe locația rețelei. Proiectul se distinge prin capacitatea sa de a gestiona protocoale diverse și cerințe complexe de acces. Oferă acces securizat, verificat prin identitate, la aplicații web, servicii TCP și UDP și conexiuni SSH, înlocuind cheile statice cu certificate efemere, cu durată scurtă de viață. În plus, funcționează ca un gateway pentru Model Context Protocol, permițând descoperirea securizată, auditarea și execuția de instrumente impusă de politici pentru agenții AI și serviciile automatizate. Pomerium se integrează cu Kubernetes ca un ingress controller, traducând resursele native de ingress în configurații de rutare conștiente de identitate. Arhitectura sa suportă sincronizarea centralizată a planului de control, permițând administratorilor să distribuie politici de securitate, certificate TLS și configurații de rutare în clustere proxy distribuite. Sistemul oferă, de asemenea, gestionarea granulară a traficului, inclusiv load balancing, manipularea header-elor și filtrarea bazată pe path, pentru a asigura o conectivitate securizată și performantă către serviciile backend. Proiectul este conceput pentru un deployment flexibil, suportând atât arhitecturi unificate, cât și decuplate pentru a acomoda scalarea independentă a componentelor de date și de control plane. Oferă o observabilitate cuprinzătoare prin audit logging-ul deciziilor de autorizare și exportul metricilor de performanță, facilitând monitorizarea conformității și securității în medii diverse.
Enables secure, identity-aware authentication for automated services by issuing tokens that verify requests between internal applications.