Drop-in SSO, RBAC, and audit logging for Go HTTP apps. Google, OIDC, SAML. Role policies, signed sessions, service accounts. Self-hosted, no auth vendor.
ibotzhub 6dcaaf7fca docs: repo URL, LICENSE link, clearer quick start; ignore .env.*
- README: GitHub URL; intro and wire-up section with code links
- README: localhost + xdg-open note; link MIT to LICENSE
- .gitignore: .env.*
2026-05-13 03:00:11 -07:00
cmd/example Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
.gitignore docs: repo URL, LICENSE link, clearer quick start; ignore .env.* 2026-05-13 03:00:11 -07:00
admin.go Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
audit.go Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
dashboard.html Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
go.mod Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
LICENSE Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
middleware.go Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
providers.go Initial commit: GateKey SSO RBAC audit middleware for Go 2026-03-06 09:40:38 -08:00
README.md docs: repo URL, LICENSE link, clearer quick start; ignore .env.* 2026-05-13 03:00:11 -07:00

GateKey

https://github.com/ibotzhub/gatekey

SSO, RBAC, and audit logging for Go net/http apps: middleware, no auth vendor lock-in, no Kubernetes operators, no eight-hundred-dollar-a-month IdP for twenty people.

Drop it into any net/http server in about fifteen lines.

what it does

- SSO with Google, Okta, Auth0, Azure AD (OIDC), or SAML
- role policies with path and method allow/deny
- audit log for every request: who, what, allow/deny, how long
- sessions with HMAC-signed cookies and Bearer tokens
- service accounts so you can issue tokens for CI and scripts
- admin dashboard for the audit log and role editor

quick start

git clone https://github.com/ibotzhub/gatekey
cd gatekey
go mod tidy

# single quotes: "!!" inside double quotes triggers history expansion in interactive bash/zsh
GATEKEY_SECRET='your-secret-at-least-32-chars!!' go run ./cmd/example
# Open http://localhost:8080 (macOS: open; Linux: xdg-open)
# Login at /auth/dev/login (dev provider: alice@acme.com / dev, bob@acme.com / dev)

Wire it up: create it with gatekey.New, passing a Config and providers. Put Protect("admin") or Protect("employee", "admin") on handlers. Use LoginHandler, CallbackHandler, and LogoutHandler for the auth routes. See cmd/example/main.go.

providers

Google (OAuth2, client ID and domain allowlist). Okta, Auth0, Azure (OIDC, discovery URL). SAML stub. DevProvider for local dev with a simple email/password map.

RBAC

DefineRole with Allow and Deny rules on paths and methods. first match wins. deny wins over allow when both match. see the example for the shape

audit backends

file (ndjson), webhook (e.g. splunk), in memory, or multi so you can send to several. plug in what you need

service accounts

IssueToken with principal and expiry. use the token as Bearer. good for deploy pipelines and automation
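
One way an HMAC-signed token carrying a principal and an expiry can be issued and checked with only the Go standard library, as used for signed sessions and service-account Bearer tokens. This is an added example, not GateKey's code: the token layout and the names sign, issueToken and verifyToken are assumptions, and the secret is a constructed sample.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // unpadded, safe in cookies and headers
// sign returns the base64url HMAC-SHA256 tag of payload under secret.
func sign(secret []byte, payload string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(payload))
	return b64.EncodeToString(m.Sum(nil))
}
// issueToken (hypothetical) emits base64url(principal) "." unixExpiry "." tag.
func issueToken(secret []byte, principal string, exp time.Time) string {
	payload := b64.EncodeToString([]byte(principal)) + "." + strconv.FormatInt(exp.Unix(), 10)
	return payload + "." + sign(secret, payload)
}
// verifyToken (hypothetical) returns the principal only for an authentic, unexpired token.
func verifyToken(secret []byte, token string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	// Check the tag before parsing any field; hmac.Equal compares in constant time.
	want := sign(secret, parts[0]+"."+parts[1])
	if !hmac.Equal([]byte(parts[2]), []byte(want)) {
		return "", fmt.Errorf("bad signature")
	}
	name, err := b64.DecodeString(parts[0])
	exp, err2 := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || err2 != nil {
		return "", fmt.Errorf("malformed payload")
	}
	if now.Unix() >= exp {
		return "", fmt.Errorf("token expired")
	}
	return string(name), nil
}
func main() {
	secret := []byte("constructed-demo-secret-32-bytes!!") // constructed sample key
	tok := issueToken(secret, "ci-deploy", time.Now().Add(time.Hour))
	fmt.Println(verifyToken(secret, tok, time.Now()))
}
```

The expiry sits inside the signed payload, so a client cannot extend a token's lifetime without invalidating the tag.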

vs the rest

Auth0 and Okta cost money and are not a Go middleware. Casbin does RBAC but no SSO and no audit. gatekey is just a library, self hosted, free. you keep your stack

license

MIT