Home
Projects

Open-Source Projects

Discover top open-source software, updated regularly with real-world adoption signals.

PickYourTech

Curated open-source & SaaS tooling to help teams ship faster.

Projects Alternatives Categories About

Terms Privacy

Home
Projects
VPN & Zero Trust Networks
Octelium

Octelium

Unified zero-trust platform for secure access and deployment

VPN & Zero Trust Networks

Overview Highlights Managed products Fit Use cases Tech Tags FAQ

Octelium delivers a self-hosted, zero-trust access layer that unifies VPN, ZTNA, secure tunnels, API and AI gateways, and PaaS capabilities, enabling secretless, identity-based connectivity for humans and workloads.

Overview

Highlights

Octelium – Unified Zero Trust Access Platform | PickYourTech

Unified zero‑trust architecture with L7‑aware, identity‑based access for humans and workloads

Dynamic secretless connectivity via WireGuard/QUIC tunnels and client‑less BeyondCorp access

Policy‑as‑code control using CEL and OPA for fine‑grained, context‑aware rules

Built‑in PaaS, API, AI gateway and Kubernetes ingress capabilities with OpenTelemetry logging

Pros

Self‑hosted, eliminating reliance on third‑party VPN or tunnel services
Scalable Kubernetes‑native deployment and automatic scaling
Supports any OIDC/SAML IdP and GitHub OAuth2 for unified authentication
Real‑time audit logs exported via OpenTelemetry for security monitoring

Considerations

Requires a Kubernetes cluster, adding operational overhead for small setups
Complex policy language (CEL/OPA) may have a learning curve
Full feature set can be overkill for simple single‑host VPN needs
Community support may be limited compared to commercial alternatives

Managed products teams compare with

When teams consider Octelium, these hosted platforms usually appear on the same shortlist.

Zscaler

Cloud-based zero trust security platform providing secure access to applications without traditional VPNs

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

Organizations needing a single platform for VPN, ZTNA, and API gateway
Teams deploying containerized services that require secretless, identity‑based access
Developers building AI/LLM gateways with fine‑grained request control
Homelab enthusiasts wanting secure remote access to devices behind NAT

Not ideal when

Small teams without Kubernetes expertise seeking a lightweight VPN
Environments that require out‑of‑the‑box SaaS solutions with no self‑hosting
Use cases needing only static IP tunneling without dynamic policies
Organizations without resources for managing OpenTelemetry pipelines

How teams use it

Zero‑Trust Remote Access for Distributed Workforce

Employees connect securely via WireGuard tunnels or client‑less portals, with per‑request policies enforcing least‑privilege access to internal apps.

Self‑Hosted API Gateway for Microservices

Expose internal APIs through Octelium’s L7 gateway, applying CEL policies to route, authenticate, and audit each request without managing API keys.

AI Model Serving with Secure Access

Deploy LLM services behind Octelium, granting identity‑based, secretless access to models while logging usage via OpenTelemetry.

Homelab Device Management

Securely SSH into Raspberry Pis, IoT devices, and containers from anywhere without opening firewall ports, using password‑less, root‑less access.

Tech snapshot

Go77%

TypeScript22%

Makefile1%

Dockerfile1%

JavaScript1%

HTML1%

Frequently asked questions

What infrastructure does Octelium run on?

Octelium runs on a Kubernetes cluster, leveraging its scalability and declarative management.

How does Octelium provide secretless access?

It authenticates users via OIDC/SAML and injects temporary credentials at the application layer, eliminating the need to store long‑lived secrets.

Can Octelium replace commercial VPN services?

Yes, it offers zero‑config client access over WireGuard/QUIC and client‑less BeyondCorp access, providing comparable functionality with added policy control.

What logging and audit capabilities are available?

All requests are recorded and exported to OpenTelemetry OTLP receivers, enabling integration with log management and SIEM tools.

Is there a GUI for managing policies?

Policies are defined as code using CEL and OPA; management is performed via the octeliumctl CLI or through GitOps workflows.

Project at a glance

Active

Visit site View repo

Stars: 2,852
Watchers: 2,852
Forks: 93

LicenseAGPL-3.0

Repo age7 months old

Last commit6 days ago

Self-hostingSupported

Primary languageGo

Last synced 4 days ago