Athenz IO - Home
Explore<br>Case Studies<br>Customer Stories<br>Documentation<br>Comparison
Slack
Github
Contact
( AuthNZ )
Open source platform for X.509 certificate<br>based service authentication and fine grained<br>access control in dynamic infrastructures
Get Started
Watch Video
Integrations
Never Trust &<br>Always Verify
Enables zero trust core principles like traffic encryption, AuthN, AuthZ, Dynamic Trust and least privilege access
Learn More
X.509 Certificate Based Authentication
Service identity in the form of short-lived X.509 certificates to all workloads deployed in private or public clouds
*How is Athenz different from SPIRE?
Learn More
Fine-grained Authorization
Authorize all authenticated clients using fine-grained role-based (RBAC) access control with industry standard JWT access tokens
Learn More
Identities for all workloads in your hybrid environment
Problem
How to enable Zero Trust core principles like traffic encryption and authentication among all workloads in a hybrid environment?
Solution
Athenz issues service identities in the form of short-lived X.509 certificates to all workloads deployed in private or public clouds enabling secure communication among all workloads with mTLS.
Learn More
Authorization and identity provider solution for your Kubernetes clusters
Problem
How do we provide credentials to container workloads to prove its identity and to authenticate with the Kubernetes API, establish mTLS with services, and define role-based access control (RBAC)?
Solution
An Identity provider mechanism enables workloads to authenticate with kubernetes container credentials such as pod bound service account tokens in exchange for Athenz service identity certificates using a callback mechanism that allows a kubernetes pod-aware identity service to authenticate such credentials.
Learn More
Industry Standard Authorization mTLS bound access token
Problem
How to deploy a centralized authorization store and deploy a consistent authorization solution based on industry standard OAuth2 access tokens without implementing the logic in each application?
Solution
Athenz Token Service issues industry standard mTLS bound OAuth2 access tokens that application services can use to both authenticate (x.509 identity certificates) and authorize requests based on policies defined in the Athenz Management System.
Learn More
AWS Temporary Credentials for On-Prem services
Problem
How to securely access AWS services from on-prem data centers without using static credentials defined in AWS IAM?
Solution
Services running in on-prem data can use their Athenz issued identity x.509 certificates to request AWS temporary credentials from Athenz Token Service running in AWS.
Learn More
Success Stories
Suresh Visvanathan<br>Sr. Director, Software Dev Engineering<br>Yahoo
"Athenz enriches Kubernetes workload security at Yahoo with fine-grain Role-based access control (RBAC) and service authentication. Athenz's rich set of APIs integrates seamlessly with any Container-as-a-Service Platform."
Christopher Tatsuya Yano<br>Platform Developer<br>LY Corporation
"Athenz secures large scale cloud computing platforms at LY corporation as a Single source of truth (SSoT). Athenz secures Yahoo! JAPAN services as a security platform with its flexible interface and its customizable APIs."
Getting Started
Explore the Athenz documentation and create a test development environment with ZMS (Athenz Management Service), ZTS (Athenz Token Service), and UI services. For reference implementation, visit the Java Client/Servlet or Go Client/Server example documentation.
Documentation
Athenz is a Cloud Native Computing Foundation sandbox project