The modern, high-performance alternative to Keycloak
Features β’ Quick Start β’ Documentation β’ Roadmap
| Vaultara | Keycloak | Auth0 | |
|---|---|---|---|
| Performance | β‘ Blazing fast (Rust) | π’ JVM overhead | βοΈ Cloud latency |
| Memory Usage | πΎ ~50MB | πΎ ~500MB+ | N/A |
| Self-Hosted | β Full control | β Complex setup | β SaaS only |
| Multi-Tenant | β Native | β Realms | β Organizations |
| LDAP/AD | β Full support | β Built-in | β Enterprise |
| Kubernetes Native | β Webhooks | β | |
| Open Source | β MIT/Apache-2.0 | β Apache-2.0 | β Proprietary |
| Cost | π Free | π Free | π° Per user |
- Multi-tenant Architecture - Complete isolation between organizations
- High Availability - Horizontal scaling, no single points of failure
- Complete Audit Trail - Immutable logs, entity versioning, compliance-ready
- Enterprise SSO - LDAP, Active Directory, SAML, OAuth/OIDC federation
- OAuth 2.0 / OpenID Connect - Full specification compliance
- WebAuthn/Passkeys - Passwordless authentication
- TOTP/MFA - Multi-factor authentication with backup codes
- ABAC Policies - Attribute-based access control with Rego-like rules
- Per-Tenant Security Config - Custom password policies, lockout rules, IP restrictions
- Kubernetes Integration - Native TokenReview & SubjectAccessReview webhooks
- Helm Charts - One-command deployment to any Kubernetes cluster
- Docker Ready - Container-first deployment model
- Generic SMTP - Works with any email provider
- SDKs - Native libraries for Rust, Python, and Node.js
- REST API - Comprehensive API for all operations
- Webhooks - Real-time event notifications
- Plugin System - Extend with custom authentication providers
# Start Vaultara with PostgreSQL
docker-compose up -d
# Access the API
curl http://localhost:8080/health# Add Helm repository
helm repo add vaultara https://charts.vaultara.io
# Install Vaultara
helm install vaultara vaultara/vaultara \
--set config.database.url="postgresql://user:pass@postgres:5432/vaultara"# Clone and build
git clone https://github.com/RustLangES/vaultara
cd vaultara
cargo build --release
# Configure and run
cp .env.example .env
./target/release/vaultarause vaultara_sdk::{VaultaraClient, VaultaraConfig};
let client = VaultaraClient::new(
VaultaraConfig::new("https://vaultara.example.com")
.with_api_key("your-api-key")
)?;
// Validate token
let user = client.validate_token("access-token").await?;
// Check permission
let allowed = client
.check_permission("tenant-id", "user-id", "orders", "create")
.await?;from vaultara_sdk import VaultaraClient
client = VaultaraClient("https://vaultara.example.com", api_key="your-api-key")
# Validate token
user = client.validate_token("access-token")
if user.valid:
print(f"Welcome, {user.username}!")
# Check permission
if client.check_permission("tenant-id", "user-id", "orders", "create"):
print("Permission granted")const { VaultaraClient } = require('@vaultara/sdk');
const client = new VaultaraClient({
baseUrl: 'https://vaultara.example.com',
apiKey: 'your-api-key'
});
// Validate token
const user = await client.validateToken('access-token');
// Check permission
const allowed = await client.checkPermission('tenant-id', 'user-id', 'orders', 'create');Centralize authentication across all your applications with single sign-on. Integrate with existing LDAP/Active Directory infrastructure.
Secure service-to-service communication with machine tokens. Validate permissions at the edge with minimal latency.
Use Vaultara tokens for Kubernetes authentication. Map Vaultara roles to Kubernetes RBAC for unified access control.
OAuth 2.0 with PKCE for secure mobile authentication. WebAuthn support for passwordless login.
| Document | Description |
|---|---|
| API Reference | Complete REST API documentation |
| Kubernetes Guide | K8s integration setup |
| Architecture | System design & data model |
| ROADMAP | Development roadmap |
Need enterprise features or dedicated support?
- π§ Email: enterprise@vaultara.io
- π¬ Discord: Join Community
- π Issues: GitHub Issues
We welcome contributions! See CONTRIBUTING.md for guidelines.
Dual-licensed under MIT or Apache-2.0 at your option.
Built with β€οΈ in Rust