It’s always a big deal when a project releases “version 1.0”. Our version 1.0 release validates all of the good things about zrok while improving a few areas that needed it, and also brings several exciting new features.
As we roll into 2025, we’re entering into an exciting time for the world of zrok. We’ve just recently added support for custom domains, and with the 1.0 release right around the corner, zrok is more powerful than it has ever been. We thought this was a good time to zoom out and take a look at how users are actually using our hosted zrok as a service.
Regular readers of this blog know that OpenZiti provides secure overlay networking between Ziti identities. You can improve security of your OpenZiti edge identities by using hardware-based private keys. This guide provides step-by-step instructions on integrating hardware security with OpenZiti. It uses Linux built-in TPM as a hardware security device. Similar steps will also work with other HSM devices.
With the latest release of myzrok.io we are excited to announce the introduction of custom domains!
Moving to Go as my primary development language was a surprisingly easy transition. Coming from a language with strong OOP roots, like Java, I quickly found many analogs for the OOP constructs I was used to, but also had to adjust my thinking.
This article walks through some of Go’s object oriented features and also discusses how some patterns common in other languages can be written in a way that’s closer to idiomatic Go. It also covers some features of Go that surprised and (in some cases) delighted me.
If you run Portainer, and you seek a modern, flexible recipe for how to make it secure while also providing flexible access to your authorized users, this article is for you.
A question that sometimes gets asked is: What types of companies, self-hosters, or general use cases, will gain the greatest benefit from using OpenZiti BrowZer?
The previous post revisited the zssh project and demonstrated how to implement a simple ssh client using the extended modules provided by the Golang project. It also modified that simple program and showed what it takes to incorporate OpenZiti, creating a zero trust ssh client. This post focuses on another aspect of zssh and OpenZiti: multi-factor authentication.
A few years ago, the OpenZiti project developed and published two client tools to make ssh and scp available over an OpenZiti overlay network without requiring the sshd port to be exposed to the internet. If interested, read the original posts about zssh and zscp. Continuing with the belief that security-related code should be open source and auditable, the project is available on GitHub.
If you're involved with software creation or deployment, you likely use Docker. If so, the following saga probably rings some bells with you:
zrok has been growing pretty steadily throughout 2024. As we've grown, we've started having to deal with abuse, phishing, and other similar types of issues showing up on the service at zrok.io.