GateKey
SSO, RBAC, and audit logging for Go HTTP apps, as middleware. no auth vendor lock-in, no k8s operators, no eight hundred a month okta for twenty people
drop it into any net/http server in like fifteen lines
what it does
SSO with Google, Okta, Auth0, Azure AD (OIDC), or SAML. role policies with path and method allow/deny. audit log for every request: who, what, allow/deny, how long. sessions with HMAC signed cookies and Bearer tokens. service accounts so you can issue tokens for CI and scripts. admin dashboard for the audit log and role editor
quick start
git clone https://git.hexed.systems/lifelessai/gatekey
cd gatekey
go mod tidy
GATEKEY_SECRET="your-secret-at-least-32-chars!!" go run ./cmd/example
# open localhost:8080, login at /auth/dev/login (dev provider: alice@acme.com / dev, bob@acme.com / dev)
wire it up: New with Config and providers. Protect("admin") or Protect("employee","admin") on handlers. LoginHandler, CallbackHandler, LogoutHandler for the auth routes. read the example
providers
Google (OAuth2, client ID and domain allowlist). Okta, Auth0, Azure (OIDC, discovery URL). SAML stub. DevProvider for local dev with a simple email/password map
RBAC
DefineRole with Allow and Deny rules. paths and methods. first match wins. deny wins over allow when both match. see the example for the shape
audit backends
file (ndjson), webhook (e.g. splunk), in memory, or multi so you can send to several. plug in what you need
service accounts
IssueToken with principal and expiry. use the token as Bearer. good for deploy pipelines and automation
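what an HMAC signed bearer token with a principal and an expiry involves, as an added sketch (not gatekey's code and not its token format). issueToken, verifyToken, the token layout and the 32 byte secret floor are all assumptions made for illustration

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // unpadded, URL-safe: output never contains "."

func sign(secret []byte, payload string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(payload))
	return b64.EncodeToString(m.Sum(nil))
}

// issueToken (hypothetical) emits base64url(principal) "." unix-expiry "." tag.
func issueToken(secret []byte, principal string, expires time.Time) (string, error) {
	if len(secret) < 32 { // assumed floor, echoing the quick start's secret hint
		return "", fmt.Errorf("secret shorter than 32 bytes")
	}
	payload := b64.EncodeToString([]byte(principal)) + "." + strconv.FormatInt(expires.Unix(), 10)
	return payload + "." + sign(secret, payload), nil
}

// verifyToken (hypothetical) checks the tag in constant time before parsing any field.
func verifyToken(secret []byte, token string, now time.Time) (string, error) {
	i := strings.LastIndexByte(token, '.')
	if i < 0 || !hmac.Equal([]byte(sign(secret, token[:i])), []byte(token[i+1:])) {
		return "", fmt.Errorf("bad signature")
	}
	name, expStr, _ := strings.Cut(token[:i], ".")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", fmt.Errorf("expired or malformed expiry")
	}
	raw, err := b64.DecodeString(name)
	return string(raw), err
}

func main() {
	secret := []byte("constructed-demo-secret-32-bytes!!") // constructed sample value
	tok, _ := issueToken(secret, "ci-deploy", time.Now().Add(time.Hour))
	fmt.Println(verifyToken(secret, tok, time.Now()))
}
```

the signature is checked before the expiry or principal is read, so a forged or edited token never reaches the parsing code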
vs the rest
Auth0 and Okta cost money and are not a Go middleware. Casbin does RBAC but no SSO and no audit. gatekey is just a library, self hosted, free. you keep your stack
license
MIT