{"id":22319400,"url":"https://github.com/athenz/athenz","last_synced_at":"2026-05-15T01:29:16.054Z","repository":{"id":37793135,"uuid":"73948366","full_name":"AthenZ/athenz","owner":"AthenZ","description":"Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.","archived":false,"fork":false,"pushed_at":"2025-05-09T00:32:31.000Z","size":71171,"stargazers_count":935,"open_issues_count":34,"forks_count":285,"subscribers_count":52,"default_branch":"master","last_synced_at":"2025-05-09T01:29:03.864Z","etag":null,"topics":["access-token","authorization","cloud","containers","dynamic-infrastructures","rbac","role-based-access-control","service-identity","spiffe","tls"],"latest_commit_sha":null,"homepage":"https://www.athenz.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AthenZ.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-11-16T18:23:08.000Z","updated_at":"2025-05-06T01:13:23.000Z","dependencies_parsed_at":"2023-09-28T00:10:50.538Z","dependency_job_id":"b8b8f01d-f1b5-45ca-90c2-669a14722108","html_url":"https://github.com/AthenZ/athenz","commit_stats":{"total_commits":3069,"total_committers":90,"mean_commits":34.1,"dds":0.5627240143369175,"last_synced_commit":"aff22b2df6a257d52364065b6423a9a9aafeaa3a"
},"previous_names":["yahoo/athenz"],"tags_count":305,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AthenZ%2Fathenz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AthenZ%2Fathenz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AthenZ%2Fathenz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AthenZ%2Fathenz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AthenZ","download_url":"https://codeload.github.com/AthenZ/athenz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253747374,"owners_count":21957748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-token","authorization","cloud","containers","dynamic-infrastructures","rbac","role-based-access-control","service-identity","spiffe","tls"],"created_at":"2024-12-04T00:08:49.219Z","updated_at":"2026-01-12T09:49:42.049Z","avatar_url":"https://github.com/AthenZ.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Athenz](docs/images/athenz-logo.png)\n\n# Athenz\n\n[![GitHub_Actions Workflow](https://github.com/AthenZ/athenz/actions/workflows/main-branch-push.yaml/badge.svg)](https://github.com/AthenZ/athenz/actions)\n[![SourceSpy Dashboard](https://sourcespy.com/shield.svg)](https://sourcespy.com/github/athenzathenz/)\n[![CII Best 
Practices](https://bestpractices.coreinfrastructure.org/projects/4681/badge)](https://bestpractices.coreinfrastructure.org/projects/4681)\n[![Licenses](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2FAthenZ%2Fathenz.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2FAthenZ%2Fathenz?ref=badge_shield)\n\n\u003e Athenz is an open source platform for X.509 certificate based service authentication and fine-grained\n\u003e access control in dynamic infrastructures. It supports provisioning and configuration (centralized\n\u003e authorization) use cases as well as serving/runtime (decentralized authorization) use cases. Athenz\n\u003e authorization system utilizes x.509 certificates and industry standard mutual TLS bound oauth2 access\n\u003e tokens. The name “Athenz” is derived from “AuthNZ” (N for authentication and Z for authorization).\n\n## Table of Contents\n\n* [Background](#background)\n* [Install](#install)\n* [Usage](#usage)\n* [Contribute](#contribute)\n* [License](#license)\n\n## Background\n\nAthenz is an open source platform for X.509 certificate based service authentication\nand fine-grained role based access control in dynamic infrastructures. It provides\nsupport for the following three major functional areas.\n\n### Service Authentication\n\nAthenz provides secure identity in the form of short-lived X.509 certificate\nfor every workload or service deployed in private (e.g. Openstack, K8S, Screwdriver)\nor public cloud (e.g. AWS EC2, ECS, Fargate, Lambda). Using these X.509 certificates\nclients and services establish secure connections and through mutual TLS authentication verify\neach other's identity. The service identity certificates are valid for 30 days only,\nand the service identity agents (SIA) part of those frameworks automatically refresh\nthem daily. 
The term service within Athenz is more generic than a traditional service.\nA service identity could represent a command, job, daemon, workflow, as well as both an\napplication client and an application service.\n\nSince Athenz service authentication is based on\n[X.509 certificates](https://en.wikipedia.org/wiki/X.509), it is\nimportant that you have a good understanding of what X.509 certificates are\nand how they're used to establish secure connections in Internet protocols\nsuch as [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security).\n\n### Role-Based Authorization (RBAC)\n\nOnce the client is authenticated with its X.509 certificate, the service\ncan then check if the given client is authorized to carry out the requested\naction. Athenz provides fine-grained role-based access control (RBAC) support\nfor a centralized management system with support for control-plane access control\ndecisions and a decentralized enforcement mechanism suitable for data-plane\naccess control decisions. It also provides a delegated management model that\nsupports multi-tenant and self-service concepts.\n\n### AWS Temporary Credentials Support\n\nWhen working with AWS, Athenz provides support to access AWS services\nfrom on-prem services using AWS temporary credentials rather than\nstatic credentials. 
Athenz ZTS server can be used to request AWS temporary\ncredentials for configured AWS IAM roles.\n\n## Install\n\n* [Development Environment](docs/dev_environment.md)\n* Local/Development/Production Environment Setup\n    * [ZMS Server](docs/setup_zms.md)\n    * [ZTS Server](docs/setup_zts.md)\n    * [UI Server](docs/setup_ui.md)\n* AWS Production Environment Setup\n    * [Introduction](docs/aws_athenz_setup.md)\n\n## Usage\n\n* Architecture\n    * [Data Model](docs/data_model.md)\n    * [System View](docs/system_view.md)\n    * [Authorization Flow](docs/auth_flow.md)\n* Features\n    * [Service Identity X.509 Certificates - Copper Argos](docs/copper_argos.md)\n* Developer Guide\n    * [Centralized Access Control](docs/cent_authz_flow.md)\n        * [Java Client/Servlet Example](docs/example_java_centralized_access.md)\n        * [Go Client/Server Example](docs/example_go_centralized_access.md)\n    * [Decentralized Access Control](docs/decent_authz_flow.md)\n        * [Java Client/Servlet Example](docs/example_java_decentralized_access.md)\n* Customizing Athenz\n    * [Principal Authentication](docs/principal_authentication.md)\n    * [Private Key Store](docs/private_key_store.md)\n    * [Certificate Signer](docs/cert_signer.md)\n    * [Service Identity X.509 Certificate Support Requirements - Copper Argos](docs/copper_argos_dev.md)\n    * [OIDC Authentication Provider Support for AWS EKS](docs/oidc_aws_eks.md)\n* User Guide\n    * [ZMS Client Utility](docs/zms_client.md)\n    * [ZPU Utility](docs/setup_zpu.md)\n    * [Registering ZMS Service Identity](docs/reg_service_guide.md)\n    * [ZMS API](docs/zms_api.md)\n    * [ZTS API](docs/zts_api.md)\n\n## Contribute\n\nPlease refer to the [contributing file](CONTRIBUTING.md) for information about how to get involved. 
We welcome issues, questions, and pull requests.\n\nYou can also contact us for any user and development discussions through our groups:\n\n* [Athenz-Dev](https://groups.google.com/d/forum/athenz-dev) for development discussions\n* [Athenz-Users](https://groups.google.com/d/forum/athenz-users) for user questions\n\nThe [sourcespy dashboard](https://sourcespy.com/github/yahooathenz/) provides a high level overview of the repository including [module dependencies](https://sourcespy.com/github/yahooathenz/xx-omodulesc-.html), [module hierarchy](https://sourcespy.com/github/yahooathenz/xx-omodules-.html), [external libraries](https://sourcespy.com/github/yahooathenz/xx-ojavalibs-.html), [web services](https://sourcespy.com/github/yahooathenz/xx-owebservices-.html), and other components of the system.\n\n## License\n\nLicensed under the Apache License, Version 2.0: [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fathenz%2Fathenz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fathenz%2Fathenz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fathenz%2Fathenz/lists"}