Show HN: Trasa – zero trust service access platform
trasa.io
Hi hackers,
TRASA is a unified access control project with identity-aware access proxy, privileged access management, two-factor authentication, device trust, and access policy features that enable secure remote access to Web, SSH, RDP, and Database services.
It's an open-source and self-hostable alternative to Duo Beyond, Cloudflare Access, Okta Access, and other similar services.
Disclosure: I am one of the core contributors to this project.
Hello, could you “explain to me like I am 5” how this helps developers or companies, and how it ties into AWS?
Since you mentioned AWS, in a typical AWS organization, you will have services which fall into two categories: 1) external services that are used by your customers (let's say a web application) and 2) internal services that are used by your internal team, i.e., developers, DevOps team, administrators (let's say SSH, RDP, database, hosted GitLab). Most probably, you are protecting customer-facing services with web application firewalls and DDoS prevention. But how do you safeguard access to internal services?
Weak access to internal services is often overlooked and is one of the primary vectors of system compromise and data breach. With features such as agentless two-factor authentication, privileged access security (protecting keys to your kingdom), and device authentication (verify user devices along with passwords), TRASA ensures that access to internal services is well protected.
Thank you!
Why should I use TRASA over Keycloak?
TRASA complements systems like Keycloak with additional security features, and you should use both: Keycloak to manage user and service identities, and TRASA to ensure that those identities are not misused, that compromised credentials do not lead to a data breach, and to achieve compliance.
Think of Keycloak as a human resources admin, which enrolls employees and applications in an organization and assigns them a badge for security clearance to access those applications. TRASA is a system that polices misuse of their security clearance (malicious insider) and protects applications and services from compromised-account threats (stolen credentials).