Show HN: Cordium – FOSS self-hosted sandbox platform alt. Codespaces/E2B/Daytona

  • Posted 2 hours ago by geoctl
  • 1 points
https://github.com/octelium/cordium
Hello HN, Cordium is a FOSS, self-hosted, general-purpose sandbox platform that I've been working on for a long time now that is built on Kubernetes and Octelium https://github.com/octelium/octelium, my main work. Cordium can be used for various persistent/ephemeral long/short-lived workloads, including coding for developers with VSCode, Zed, etc. (i.e. self-hosted GitHub Codespaces alternative), AI agent tasks (i.e. FOSS alternative to AI sandbox products such as E2B, Daytona, etc.), CI/CD workloads (e.g. building and publishing Docker images etc.), and, more importantly, for secretless remote access to infrastructure for devs and automated workloads from within the sandboxes.

The key differentiator here for Cordium, in comparison with other dev environments and sandbox platforms, is that Cordium automatically provides identity-based, secretless secure access to resources or infrastructure (e.g. APIs, SSH, databases, k8s, etc.) without having to inject credentials (e.g. API keys/access tokens, SSH private keys, database passwords, etc.) into the sandbox, where the upstream credential is held by the identity-aware proxy of the Octelium-protected resource outside the reach of the sandbox. The sandbox permissions and access to resources are determined via identity-based, L7-aware, pre-request access control through CEL/OPA policy-as-code rather than injected credentials inside the sandbox. In other words, Cordium isn't just meant as a runtime for isolated execution where filesystem, CPU, memory, storage, etc. are isolated and controlled, but more importantly meant for identity-based secure access to infrastructure and resources.

In short, Cordium is basically a general-purpose sandbox platform + a ZTNA/remote-access-VPN baked-in with unified identity management, L7-aware access control and visibility.

Cordium is a purely FOSS project under Apache 2.0 that's meant for self-hosting and there are no plans for a pro/SaaS/cloud/commercial version. It was developed initially as a remote development environment for Octelium users to access their resources via web-based terminals through reproducible remote sandboxes instead of having to install and run the Octelium CLI connectors on their own machines, but over time it grew into a general-purpose sandbox platform that can be used for all kinds of persistent/ephemeral and short/long-lived tasks by developers or automated workloads. I also want to clarify that Cordium, while open-sourced a few days ago, is not a new project; the development of the project dates back to 2022 (see the older in https://github.com/octelium/spaces) and it is already being used by a few organizations that use Octelium since last year. In other words, this is not a toy project and it's meant to be used in production even though it's not quite ready to be labeled v1.0 yet. Happy to answer any questions.

0 comments