{"id":22479125,"url":"https://github.com/jsiebens/brink","last_synced_at":"2026-03-16T03:34:55.670Z","repository":{"id":44590146,"uuid":"445427431","full_name":"jsiebens/brink","owner":"jsiebens","description":"brink - a lightweight identity aware proxy","archived":false,"fork":false,"pushed_at":"2023-06-15T06:34:09.000Z","size":403,"stargazers_count":22,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-19T05:56:49.594Z","etag":null,"topics":["beyondcorp","gateway","identity-aware-proxy","reverse-proxy","tcp-forwarding","tunnel","vpn","zero-trust"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jsiebens.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-07T06:53:27.000Z","updated_at":"2024-05-23T13:59:32.000Z","dependencies_parsed_at":"2024-06-19T05:27:25.654Z","dependency_job_id":"ae43b8cb-c1ac-4754-a78c-68347dbb1b37","html_url":"https://github.com/jsiebens/brink","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsiebens%2Fbrink","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsiebens%2Fbrink/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsiebens%2Fbrink/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsiebens%2Fbrink/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jsiebens","download_url":"https://codeload.github.com/jsiebens/brink/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228483617,"owners_count":17927363,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beyondcorp","gateway","identity-aware-proxy","reverse-proxy","tcp-forwarding","tunnel","vpn","zero-trust"],"created_at":"2024-12-06T15:13:07.656Z","updated_at":"2026-03-16T03:34:50.633Z","avatar_url":"https://github.com/jsiebens.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# brink\n\n[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/jsiebens/brink/master/LICENSE)\n[![test](https://img.shields.io/github/actions/workflow/status/jsiebens/brink/build.yaml?branch=main)](https://github.com/jsiebens/brink/actions)\n[![report](https://goreportcard.com/badge/github.com/jsiebens/brink)](https://goreportcard.com/report/github.com/jsiebens/brink)\n\n__brink__ is a lightweight Identity-Aware Proxy (IAP) for TCP forwarding. \n\nIt allows you to establish a secure websocket connection over which you can forward SSH, RDP, \nand other traffic to your private services, and allows you to control who can access those services based on identity. \n\nHighlights:\n\n- access your private services from anywhere\n- identity-based access for zero-trust security\n- authenticate with GitHub or with any trusted OIDC provider\n- access policies based on identity\n- a single binary or Docker image\n- easy configuration\n\n## Quickstart\n\nCreate an OIDC client application on your favorite provider, e.g. Auth0, Okta, Keycloak, ... or create a\nnew [GitHub OAuth](https://github.com/settings/developers) application. In both cases, take note of your client id and\nclient secret (and the issuer url when using OIDC).\n\nCreate a new brink configuration file:\n\n```yaml\ntls:\n  disable: true\n\nauth:\n  url_prefix: \"http://localhost:7000\"\n  provider:\n    type: \"oidc\" # or github\n    issuer: \"\u003cyour oidc issuer\u003e\" # remove this line when using github\n    client_id: \"\u003cyour client id\u003e\"\n    client_secret: \"\u003cyour client secret\u003e\"\n\nproxy:\n  policies:\n    local:\n      filters: [ \"*\" ]\n      targets: [ \"localhost:*\" ]\n```\n\nDownload the latest version of brink from the [releases](https://github.com/jsiebens/brink/releases) page\n\nStart a brink server instanc:\n\n```shell\n$ brink server proxy --config config.yaml\nINFO[0000] Starting brink proxy server. Version 0.6.0 - 83c874a \nINFO[0000] registering oidc routes                      \nINFO[0000] registering proxy routes                     \nINFO[0000] server listening on :7000\n```\n\nNext, use the `brink ssh` command to SSH into the localhost. Depending on your system, a browser will first open\nallowing you to authenticate with your identity provider.\n\n```shell\n$ brink ssh -r http://localhost:7000 -t localhost:22\n```\n\n## Documentation\n\n(coming soon; in the meanwhile, have a look at the examples below)\n\n## Examples\n\n- [Running brink with docker-compose](./examples/docker)\n- [Running brink on Kubernetes]((./examples/kubernetes))\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsiebens%2Fbrink","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsiebens%2Fbrink","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsiebens%2Fbrink/lists"}