ockam

Ockam is a library for building devices that communicate securely, privately and trustfully with cloud services and other devices.

End-to-end encrypted, mutually authenticated, secure communication.

A hands-on guide 👉.

Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.

Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.

Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application's messages don't have to be vulnerable at every point, along their journey, where a transport connection terminates.

Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.

Features

• End-to-end encrypted, mutually authenticated secure channels.
• Multi-hop, multi-transport, application layer routing.
• Key establishment, rotation, and revocation - for fleets, at scale.
• Lightweight, Concurrent, Stateful Workers that enable simple APIs.
• Attribute-based Access Control - credentials with selective disclosure.
• Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.

Documentation

Tutorials, examples and reference guides are available at docs.ockam.io.

Usage

Add this to your Cargo.toml:

[dependencies]
ockam = "0.140.0"

License

This code is licensed under the terms of the Apache License 2.0.