FerrisKey — Open‑Source, High‑Performance Identity & Access Management
Cloud‑native • Extensible • Built in Rust
FerrisKey is a modern Identity & Access Management (IAM) platform built with Rust and a hexagonal architecture. It aims to be a serious open‑source alternative to heavyweight IAMs: fast, modular, and cloud‑native by design.
- 🦀 Performance-first — Rust, async I/O, low latency.
- 🧱 Hexagonal architecture — clean domain, clear ports/adapters.
- 🏢 Multi‑tenant realms — strong isolation of users/roles/clients.
- 🔐 Modern auth — OIDC/OAuth2, MFA (TOTP).
- 🧩 Extensibility — native modules for MFA, auditability, and webhooks.
- ☁️ Cloud‑native — official Helm chart; ready for Kubernetes.
Capability | Details |
---|---|
OIDC / OAuth2 | Standards‑compliant flows for modern apps & services. |
Multi‑Tenant Realms | Logical isolation of users, roles, clients, secrets. |
Clients & Service Accounts | Fine‑grained role mapping; bitwise role system. |
MFA (TOTP) | Pluggable strategies with required actions. |
Observability | Prometheus metrics, Grafana dashboards. |
Kubernetes‑ready | Helm chart with sane defaults; OCI distribution. |
License: Apache‑2.0. No paywalls. Community‑first.
```bash
docker compose --profile registry up -d
```

Then visit http://localhost:5556 to access the console. The default credentials are `admin` and `admin`.

```bash
docker compose --profile local up -d
```

Then visit http://localhost:5555 to access the console. The default credentials are `admin` and `admin`.
Requires a reachable Postgres (or include it via your platform’s recommended operator).
See chart documentation.
- Clone the repo

  ```bash
  git clone https://github.com/ferriskey/ferriskey
  ```

- Launch the database and execute migrations with sourced env variables

  ```bash
  cd api
  cp env.example .env
  # feel free to change the env variables in .env to your liking.
  docker compose up -d
  cd ../core
  # to install sqlx you might need to run `cargo install sqlx-cli`
  DATABASE_URL=postgres://postgres:postgres@localhost:5432/ferriskey sqlx migrate run
  ```

- Launch the API

  ```bash
  cd ../api
  cargo run
  ```

- Launch the frontend (optional)

  ```bash
  cd ../front
  source env.sh
  pnpm install
  pnpm run dev
  ```

Then visit http://localhost:5555 to access the console. The default credentials are `admin` and `admin`.
Common environment variables (example):

```bash
PORT=3333
ENV=development
LOG_LEVEL=info
DATABASE_URL=postgres://postgres:postgres@127.0.0.1:5432/ferriskey
ADMIN_PASSWORD=admin
ADMIN_USERNAME=admin
ADMIN_EMAIL=admin@ferriskey.rs
ALLOWED_ORIGINS=http://localhost:5555
```

By default, the API will listen on port 3333 and the frontend on port 5555.
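
A pre-deployment check for the variables listed above, as an added example that is not part of FerrisKey: it flags the development defaults from the example values (`admin`/`admin`, `postgres:postgres`, `ENV=development`, a plain-HTTP origin). The function names `env_get` and `audit_env`, the 16-character threshold, and the assumption that the `ADMIN_*` variables seed the console's first admin account are this example's own.

```shell
#!/bin/sh
# Added example (not FerrisKey code): flag development defaults in a .env file.
# Variable names are the README's; the rules and the threshold are assumptions.

# env_get FILE KEY: print the last value assigned to KEY, surrounding quotes removed.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# audit_env FILE: print one finding per line; return 1 if anything was flagged.
audit_env() {
    f=$1
    n=0
    flag() { printf '%s\n' "$1"; n=$((n + 1)); }

    pw=$(env_get "$f" ADMIN_PASSWORD)
    user=$(env_get "$f" ADMIN_USERNAME)
    if [ -z "$pw" ] || [ "$pw" = admin ] || [ "$pw" = "$user" ]; then
        flag "ADMIN_PASSWORD: unset, the README default, or equal to ADMIN_USERNAME"
    elif [ "${#pw}" -lt 16 ]; then
        flag "ADMIN_PASSWORD: shorter than 16 characters"
    fi

    case $(env_get "$f" DATABASE_URL) in
        *postgres:postgres@*) flag "DATABASE_URL: default postgres:postgres credentials" ;;
    esac

    case $(env_get "$f" ENV) in
        development) flag "ENV: still set to development" ;;
    esac

    case $(env_get "$f" ALLOWED_ORIGINS) in
        *\**|*http://*) flag "ALLOWED_ORIGINS: wildcard or plain-HTTP origin" ;;
    esac

    [ "$n" -eq 0 ]
}

# Constructed sample: the README's example values, written to a temp file.
sample=$(mktemp)
printf '%s\n' 'ENV=development' 'ADMIN_USERNAME=admin' 'ADMIN_PASSWORD=admin' \
    'DATABASE_URL=postgres://postgres:postgres@127.0.0.1:5432/ferriskey' \
    'ALLOWED_ORIGINS=http://localhost:5555' > "$sample"
audit_env "$sample" || echo "resolve the findings above before exposing this instance"
rm -f "$sample"
```

Run `audit_env path/to/.env` in a deployment pipeline and fail the job on a non-zero exit status.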
- Trident — MFA & security scopes: TOTP, WebAuthn, Magic Link; flexible required actions.
- SeaWatch — Observability & audit logs: security event trails; queryable from the console; exportable.
- Webhooks — Event‑driven extensibility: subscribe to user/client/realm lifecycle events without forking core.
FerrisKey follows a Hexagonal Architecture (Ports & Adapters) to keep business logic pure and infrastructure replaceable.
- Metrics: /metrics (Prometheus format)
- Dashboards: Starter Grafana dashboards included in Helm values (optional)
We welcome contributions of all kinds: bugfixes, features, docs, testing.
- Read CONTRIBUTING.md
- Pick an issue (good first issues are labelled)
- Open a PR with tests and a concise description
Join discussions to help shape modules, APIs, and UX.
Please report vulnerabilities responsibly via Security Advisories. Avoid filing publicly until coordinated disclosure is agreed.
Apache‑2.0 — free to use, modify, and distribute.
- 📂 Source: https://github.com/ferriskey/ferriskey
- 📦 Helm Chart (OCI): `oci://ghcr.io/ferriskey/charts/ferriskey`
- 📖 Documentation: https://ferriskey.rs/docs/welcome/introduction
- 💬 Discussions: https://github.com/ferriskey/ferriskey/discussions
- 🏆 Sponsor: https://github.com/sponsors/ferriskey