3pp-mirror/pomerium: Pomerium is an identity and context-aware access proxy.

mirror of https://github.com/pomerium/pomerium.git synced 2025-07-25 20:49:30 +02:00

Pomerium is an identity and context-aware access proxy.

beyondcorp gateway go iam identity identity-aware-proxy pomerium reverse-proxy vpn zero-trust

Find a file

dependabot[bot] 340ee97bf3 chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 (#3849 ) Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.22.11 to 3.22.12. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](https://github.com/shirou/gopsutil/commits/v3.22.12) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2023-01-03 09:40:27 -07:00
.github	chore(deps): bump actions/stale from 6.0.1 to 7.0.0 (#3852 )	2023-01-03 08:42:36 -07:00
.vscode	use tlsClientConfig instead of custom dialer (#3830 )	2022-12-27 09:55:36 -07:00
authenticate	options: support multiple signing keys (#3828 )	2022-12-22 09:31:09 -07:00
authorize	authorize: log check() error (#3846 )	2023-01-03 11:05:25 -05:00
cmd/pomerium	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00
config	config: add support for extended TCP route URLs (#3845 )	2022-12-27 12:50:33 -07:00
databroker	test: use `T.TempDir` to create temporary test directory (#3725 )	2022-11-08 09:16:32 -07:00
examples	remove forward auth (#3628 )	2022-11-23 15:59:28 -07:00
integration	authenticate: implement hpke-based login flow (#3779 )	2022-12-05 15:31:07 -07:00
internal	config: add support for extended TCP route URLs (#3845 )	2022-12-27 12:50:33 -07:00
ospkg	move directory providers (#3633 )	2022-11-03 11:33:56 -06:00
pkg	envoyconfig: clean up filter chain construction (#3844 )	2022-12-27 10:07:26 -07:00
proxy	use tlsClientConfig instead of custom dialer (#3830 )	2022-12-27 09:55:36 -07:00
scripts	bump envoy to v1.24.0 (#3767 )	2022-11-28 09:32:31 -07:00
ui	chore(deps): bump json5 from 2.2.0 to 2.2.3 in /ui (#3853 )	2023-01-03 08:43:08 -07:00
.codecov.yml
.dockerignore	frontend: react+mui (#3004 )	2022-02-07 08:47:58 -07:00
.fossa.yml	rm cli code (#2824 )	2021-12-15 16:25:21 -05:00
.gitattributes
.gitignore	allow pomerium to be embedded as a library (#3415 )	2022-06-15 20:29:19 -04:00
.golangci.yml	lint: remove deprecated linters (#3686 )	2022-10-19 13:52:03 -06:00
.pre-commit-config.yaml	integration: add single-cluster integration tests (#2516 )	2021-08-24 15:35:05 -06:00
.tool-versions	upgrade go to 1.19.2 (#3689 )	2022-10-20 12:18:19 -06:00
3RD-PARTY	dependencies: vendor base58, remove shortuuid (#2739 )	2021-11-02 09:23:15 -06:00
DEBUG.MD
Dockerfile	chore(deps): bump debian from `880aa5f` to `7ca0fec` (#3841 )	2022-12-27 09:51:29 -07:00
Dockerfile.debug	chore(deps): bump golang from `e464bb0` to `7c97bae` (#3843 )	2022-12-27 09:51:18 -07:00
go.mod	chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 (#3849 )	2023-01-03 09:40:27 -07:00
go.sum	chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 (#3849 )	2023-01-03 09:40:27 -07:00
LICENSE
Makefile	databroker: support rotating shared secret (#3502 )	2022-07-26 10:59:54 -06:00
pomerium.go	fix go get, improve redis test (#2450 )	2021-08-06 12:07:20 -06:00
README.md	Update README.md (#3569 )	2022-08-23 08:45:58 -07:00
RELEASING.md	deployment: update RELEASING.md (#3503 )	2022-08-16 10:40:03 -07:00
SECURITY.md
tools.go	protoc: add xds repo (#2687 )	2021-10-19 14:36:23 -06:00

README.md

Pomerium is an identity and context-aware reverse proxy that brokers secure access to apps and services at scale. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in.

Pomerium can be used in situations where you'd typically reach for a VPN, but, unlike a VPN, does not require a client and uses identity and context, not network locality to determine access.

Pomerium can be used to:

provide a single-sign-on gateway to internal applications.
enforce dynamic access policy based on context, identity, and device identity.
aggregate access logs and telemetry data.
a VPN alternative.

Docs

For comprehensive docs, and tutorials see our documentation.

Integration Tests

To run the integration tests locally, first build a local development image:

./scripts/build-dev-docker.bash

Next go to the integration/clusters folder and pick a cluster, for example google-single, then use docker-compose to start the cluster. We use an environment variable to specify the dev docker image we built earlier:

cd integration/clusters/google-single
env POMERIUM_TAG=dev docker-compose up -V

Once that's up and running you can run the integration tests from another terminal:

go test -count=1 -v ./integration/...

If you need to make a change to the clusters themselves, there's a tpl folder that contains jsonnet files. Make a change and then rebuild the clusters by running:

go run ./integration/cmd/pomerium-integration-tests/ generate-configuration