Octelium

Unified zero-trust platform for secure access and deployment

Octelium delivers a self-hosted, zero-trust access layer that unifies VPN, ZTNA, secure tunnels, API and AI gateways, and PaaS capabilities, enabling secretless, identity-based connectivity for humans and workloads.

Overview

Highlights

  • Unified zero‑trust architecture with L7‑aware, identity‑based access for humans and workloads
  • Dynamic secretless connectivity via WireGuard/QUIC tunnels and client‑less BeyondCorp access
  • Policy‑as‑code control using CEL and OPA for fine‑grained, context‑aware rules
  • Built‑in PaaS, API, AI gateway and Kubernetes ingress capabilities with OpenTelemetry logging

Pros

  • Self‑hosted, eliminating reliance on third‑party VPN or tunnel services
  • Scalable Kubernetes‑native deployment and automatic scaling
  • Supports any OIDC/SAML IdP and GitHub OAuth2 for unified authentication
  • Real‑time audit logs exported via OpenTelemetry for security monitoring

Considerations

  • Requires a Kubernetes cluster, adding operational overhead for small setups
  • Complex policy language (CEL/OPA) may have a learning curve
  • Full feature set can be overkill for simple single‑host VPN needs
  • Community support may be limited compared to commercial alternatives

Managed products teams compare with

When teams consider Octelium, these hosted platforms usually appear on the same shortlist.

Zscaler

Cloud-based zero trust security platform providing secure access to applications without traditional VPNs

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Organizations needing a single platform for VPN, ZTNA, and API gateway
  • Teams deploying containerized services that require secretless, identity‑based access
  • Developers building AI/LLM gateways with fine‑grained request control
  • Homelab enthusiasts wanting secure remote access to devices behind NAT

Not ideal when

  • Small teams without Kubernetes expertise seeking a lightweight VPN
  • Environments that require out‑of‑the‑box SaaS solutions with no self‑hosting
  • Use cases needing only static IP tunneling without dynamic policies
  • Organizations without resources for managing OpenTelemetry pipelines

How teams use it

Zero‑Trust Remote Access for Distributed Workforce

Employees connect securely via WireGuard tunnels or client‑less portals, with per‑request policies enforcing least‑privilege access to internal apps.

Self‑Hosted API Gateway for Microservices

Expose internal APIs through Octelium’s L7 gateway, applying CEL policies to route, authenticate, and audit each request without managing API keys.

AI Model Serving with Secure Access

Deploy LLM services behind Octelium, granting identity‑based, secretless access to models while logging usage via OpenTelemetry.

Homelab Device Management

Securely SSH into Raspberry Pis, IoT devices, and containers from anywhere without opening firewall ports, using password‑less, root‑less access.

Tech snapshot

  • Go: 77%
  • TypeScript: 22%
  • Makefile: 1%
  • Dockerfile: 1%
  • JavaScript: 1%
  • HTML: 1%

Tags

abac, kubernetes, wireguard, quic, opentelemetry, vpn, ai-gateway, homelab, tunnel, ssh, mcp-gateway, beyondcorp, paas, ztna, sso, api-gateway, policy-as-code, remote-access, mfa, zero-trust

Frequently asked questions

What infrastructure does Octelium run on?

Octelium runs on a Kubernetes cluster, leveraging its scalability and declarative management.

How does Octelium provide secretless access?

It authenticates users via OIDC/SAML and injects temporary credentials at the application layer, eliminating the need to store long‑lived secrets.

Can Octelium replace commercial VPN services?

Yes, it offers zero‑config client access over WireGuard/QUIC and client‑less BeyondCorp access, providing comparable functionality with added policy control.

What logging and audit capabilities are available?

All requests are recorded and exported to OpenTelemetry OTLP receivers, enabling integration with log management and SIEM tools.

Is there a GUI for managing policies?

Policies are defined as code using CEL and OPA; management is performed via the octeliumctl CLI or through GitOps workflows.

Project at a glance

Active

  • Stars: 3,069
  • Watchers: 3,069
  • Forks: 104
  • License: AGPL-3.0
  • Repo age: 8 months old
  • Last commit: 2 days ago
  • Self-hosting: Supported
  • Primary language: Go

Last synced 3 hours ago