{"id":37205980,"url":"https://github.com/cyakimov/helios","last_synced_at":"2026-01-14T23:43:31.782Z","repository":{"id":87170908,"uuid":"178752081","full_name":"cyakimov/helios","owner":"cyakimov","description":"Identity-Aware Proxy","archived":true,"fork":false,"pushed_at":"2023-02-25T02:09:05.000Z","size":152,"stargazers_count":22,"open_issues_count":4,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T06:25:42.640Z","etag":null,"topics":["beyondcorp","gateway","identity-aware-proxy","proxy","reverse-proxy","zero-trust"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyakimov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-31T23:06:50.000Z","updated_at":"2024-02-08T19:05:45.000Z","dependencies_parsed_at":"2023-03-13T19:44:49.913Z","dependency_job_id":null,"html_url":"https://github.com/cyakimov/helios","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cyakimov/helios","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyakimov%2Fhelios","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyakimov%2Fhelios/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyakimov%2Fhelios/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyakimov%2Fhelios/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyakimov","download_url":"https://codeload.github.com/cyakimov/helios/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyakimov%2Fhelios/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28439529,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beyondcorp","gateway","identity-aware-proxy","proxy","reverse-proxy","zero-trust"],"created_at":"2026-01-14T23:43:31.083Z","updated_at":"2026-01-14T23:43:31.770Z","avatar_url":"https://github.com/cyakimov.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\u003cimg src=\"./docs/images/banner.png\" alt=\"Helios - Identity-aware Proxy\"\u003e\u003c/h1\u003e\n\n[![Build Status](https://travis-ci.org/cyakimov/helios.svg?branch=master)](https://travis-ci.org/cyakimov/helios)\n[![Go Report Card](https://goreportcard.com/badge/github.com/cyakimov/helios)](https://goreportcard.com/report/github.com/cyakimov/helios)\n[![LICENSE](https://img.shields.io/github/license/pomerium/pomerium.svg)](https://github.com/pomerium/pomerium/blob/master/LICENSE)\n\n**⚠ This project is on early stage and it's not ready for production yet ⚠**\n\nHelios is an Identity \u0026 Access Proxy (IAP) that authorizes HTTP requests based on sets of rules. \nIt is the building block towards [BeyondCorp](https://beyondcorp.com), a model designed by Google to secure applications\nin Zero-Trust networks.\n\nIn a nutshell, with Helios you can:\n\n* Identify users using existing identity providers like Google, Auth0, Azure AD, etc.\n* Secure and authenticate access to any domain or path \n* Configure authorization policies using [CEL](https://github.com/google/cel-spec) expressions\n* Use Helios as gateway or reverse proxy \n\n## Motivation\n\nMy goal is to build an open source alternative to\n[Cloudflare Access](https://www.cloudflare.com/products/cloudflare-access/)\nand [Cloud IAP](https://cloud.google.com/iap/).\n\nBeyond that, I started this project off for 2 reasons:\n\n1. I wanted to exercise and continue improving my Go skills.\n2. I'm interested in BeyondCorp, Google's implementation of [Zero Trust](https://wikipedia.org/wiki/Zero_Trust). I \nbelieve Zero Trust is the future of Enterprise Security.\n3. Last but not least, because it's fun! \n\n## Install\n\n[Install Go](https://golang.org/doc/install).\n\nNext download the project and build the binary file.\n\n```shell\n$ go get -u github.com/cyakimov/helios\n```\n\n## Usage\n\n```shell\nhelios -config config.example.yaml\n```\n\nList flags with\n\n```shell\nhelios -help\n```\n\n### Configuring authorization rules\n\nThe supported condition attributes are based on details about the request (e.g., its timestamp, originating IP address\n, identity, etc.).\nExamples and a description of attribute types are described below.\n\n#### Available Attributes\n\n- `request.host`\n- `request.path`\n- `request.ip`\n- `request.timestamp`\n\nFor example, by setting Expression to a CEL expression that uses `request.ip` you can limit access to only members\nwho have a private IP of 10.0.0.1\n\n```\nrequest.ip == \"10.0.0.1\"\n```\n\nAlternatively, you can check if a request comes from a particular network:\n\n```\nrequest.ip.network(\"192.168.0.0/24\")\n```\n\n**Example Date/Time Expressions**\n\nAllow access temporarily until a specified expiration date/time:\n\n```timestamp(request.time) \u003c timestamp(\"2019-01-01T07:00:00Z\")```\n\nAllow access only during specified working hours:\n\n```\ntimestamp(request.time).getHours(\"America/Santiago\") \u003e= 9 \u0026\u0026\ntimestamp(request.time).getHours(\"America/Santiago\") \u003c= 17 \u0026\u0026\ntimestamp(request.time).getDayOfWeek(\"America/Santiago\") \u003e= 1 \u0026\u0026\ntimestamp(request.time).getDayOfWeek(\"America/Santiago\") \u003c= 5\n```\n\nAllow access only for a specified month and year:\n\n```\ntimestamp(request.time).getFullYear(\"America/Santiago\") == 2018\ntimestamp(request.time).getMonth(\"America/Santiago\") \u003c 6\n```\n\n**Example URL Host/Path Expressions**\n\nAllow access only for certain subdomains or URL paths in the request:\n\n```\nrequest.host == \"hr.example.com\"\nrequest.host.endsWith(\".example.com\")\nrequest.path == \"/admin/payroll.js\"\nrequest.path.startsWith(\"/admin\")\n```\n\n## Development\n\n### Prerequisites\n\n - Go 1.13\n - [mkcert](https://github.com/FiloSottile/mkcert)\n\n### Environment Setup\n\nDeploy local CA\n\n```shell\nmkcert -install\n```\n\nCreate a certificate for local development\n\n```shell\nmkcert localhost 127.0.0.1\n```\n\nInstall dependencies\n\n```shell\ngo mod download\n```\n\nRun the program\n\n```shell\ngo run . -config config.example.yaml\n```\n\n## Roadmap 🗺\n\n| Status | Milestone |\n| :---: | :--- |\n| 🚀 | Expression engine |\n| ❌ | Support popular identity providers |\n| ❌ | Use templates for error pages |\n| ❌ | Export prometheus metrics |\n| ❌ | Create a Github page |\n| ❌ | Dynamic policies |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyakimov%2Fhelios","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyakimov%2Fhelios","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyakimov%2Fhelios/lists"}