GitHub - RobinSrimal/irongate: Serverless Auth on AWS · GitHub
/" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
RobinSrimal
irongate
Public template
Notifications<br>You must be signed in to change notification settings
Fork
Star
master
BranchesTags
Go to file
CodeOpen more actions menu
Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit
History<br>525 Commits<br>525 Commits
assets
assets
design
design
docs
docs
infra
infra
packages
packages
scripts
scripts
.example.env
.example.env
.gitignore
.gitignore
AGENTS.md
AGENTS.md
LICENSE
LICENSE
README.md
README.md
auth.clients.toml
auth.clients.toml
package-lock.json
package-lock.json
package.json
package.json
sst.config.ts
sst.config.ts
tsconfig.json
tsconfig.json
View all files
Repository files navigation
Irongate is a serverless authentication template for AWS. It gives you a Rust-based auth core running on API Gateway, Lambda, and DynamoDB, deployed with SST.<br>It is meant for teams that want to own their auth layer without running servers or paying hosted-auth MAU pricing. You get a small, inspectable starting point that you can deploy, modify, and extend inside your own AWS account.
Getting Started
Create a new repository from this template, clone it, then run the setup script to rename the project:
npm run setup
After that, follow the setup docs one step at a time:
docs/setup/01-template-setup.md<br>docs/setup/02-aws-accounts-and-sst.md<br>docs/setup/03-stage-config.md<br>docs/setup/04-secrets.md<br>docs/setup/05-auth-clients.md<br>docs/setup/06-resend-email.md<br>docs/setup/09-deploy-auth-core.md
Provider and example setup:
docs/setup/07-google-login.md<br>docs/setup/08-apple-login.md<br>docs/setup/10-cloudflare-account.md<br>docs/setup/11-cloudflare-web-example.md<br>docs/setup/12-tauri-app-example.md
Operations:
docs/operations/smoke-test.md<br>docs/operations/local-signing-dev.md
Secret Boundary
The template deliberately separates local deploy credentials, runtime secrets, and reviewed<br>configuration:
.env: local-only tooling credentials, such as Cloudflare API token and account ID.
SST secrets: Irongate runtime secrets used by Lambda, such as Resend, HMAC lookup, signing, Google,<br>Apple, and confidential client secrets.
infra/shared/stage-config.ts: checked-in non-secret stage config.
auth.clients.toml: checked-in OAuth client definitions and secret reference names.
See docs/setup/04-secrets.md and docs/setup/10-cloudflare-account.md.
Design
Start with:
design/overview.md<br>design/functions/README.md<br>design/infra/README.md<br>design/examples/README.md
About
Serverless Auth on AWS
Topics
rust
aws
lambda
authentication
serverless
dynamodb
cloudflare
Resources
Readme
License
MIT license
Uh oh!
There was an error while loading. Please reload this page.
Activity
Stars
star
Watchers
watching
Forks
forks
Report repository
Contributors
Uh oh!
There was an error while loading. Please reload this page.
Languages
Rust<br>84.7%
TypeScript<br>10.5%
JavaScript<br>3.5%
Other<br>1.3%
You can’t perform that action at this time.