menshend 门神
Operating system | Status |
Linux | |
Windows | |
- ⌘ Full feature list
- ? Docs
- ⇩ Download
- ⌧ Docker
- ❁ Swagger api
Menshend is an identity-aware reverse proxy (TCP/HTTP) that uses Vault as policy manager. You can use it as replacement for VPNs, firewall rules and to give access programmatically to organization's members, scripts, external users or third party applications.
Menshend was built with the objective of making the secure laboratories
creation easy, facilitating the life of DevOps/cloud admin engineers, whom this product is oriented to.
:warning: In order to use it effectively, you already need to know how to install and operate Vault.
It does also come with a beautiful and functional UI which makes it simple to login to services from the browser, share secrets, etc.
Brief list of things you can protect or do:
- Organization internal applications (in-house or open-source).
- Serverless functions.
- Connect your applications (PostgreSQL, Redshift, etc.) across different VPCs on AWS, without the need of a VPN, VPC peering, etc.
- Secure external APPs for small or medium size sites.
- Give secure access to scripts, other machines, third party applications, web-hooks, in-house slack bots.
- Deploy to Kubernetes in a controlled and secure way from your CI pipelines (Travis CI, Gitlab, CircleCI, Drone, etc.).
- and much more..., its usages are endless because of being a programmable proxy.
See similar software and limitations
curl -LO$(curl -s
curl -LO$(curl -s
curl -LO$(curl -s
unzip and make the menshend binary executable and move it to your PATH
full list of downloads for other platforms here
full list of tags, configurations and options
linux amd64
docker pull nebtex/menshend:$(curl -s
Without these projects, menshend would not exist.
Vault, as the central policy manager.
Oxy, the heart of the proxying strategy.
Chisel, we use an adapted version of Chisel to create secured tunnels (port forwarding strategy).
Kubernetes and Swagger, the API and CLI tools are inspired on Kubernetes, and we implemented the API with Swagger.
To contribute to this project, see CONTRIBUTING.
At the moment we will be focused on fixing small issues and making the software more stable. Development of major features is froze till we can rewrite the codebase with omniql.
Some of the planned features are:
- Natively support TLS and ACME.
- Add Javascript resolver.
- Reduce the hits to Vault.
- Distributed cache for the resolvers.
- Improve the performance and make it viable for protecting any kind of external or user facing APP.
menshend is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.