Ockam - Build Secure-by-Design Applications at Massive Scale
LogoBlogAdd Access Token

Ockam - Build Secure-by-Design Applications at Massive Scale

Mila 3 min read

🍾️ Welcome Ockam as Star History's first GitHub Sponsor.

Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.


Application security has historically relied upon network perimeters and intrusion detection to keep data that moves between applications secure. However as applications become ever more distributed across private, cloud, and edge environments, it has become impossible for application developers to rely upon network security, alone, to keep data-in-motion safe.

Ockam's Solution

Secure by Design

Ockam’s end-to-end secure channels guarantee authenticity, integrity, and confidentiality of all data-in-motion at the application layer. This enables a deny-by-default security posture that exponentially reduces the vulnerability surface of an application and gives it true control over every access decision.

Zero Trust

Ockam gives you the tools to eliminate implicit trust in networks, services, and infrastructure. Applications get provable cryptographic identities to authenticate and authorize every access decision.

Ockam end-to-end secure channels enable application layer encryption of all data-in-motion. The data integrity and confidentiality guarantee, of these channels, create a deny-by-default security posture that minimizes our vulnerability surface and gives our application true control over every data or service access decision.

Shift Security Left

Ockam provides powerful building blocks to shift security left and make it an integral part of application design and development. Application layer trust guarantees along with tools to manage keys, credentials and authorization policies give you granular control on the security and privacy properties of your application.

Developer First

It is hard to build and scale an application that makes identity driven trust decisions. Ockam created simple, composable building blocks so you can easily deliver secure and private applications to your customers.

Our First Impression with Ockam

The Building Blocks for Tailscale alike

While Tailscale is a SaaS security solution, Ockam is the PaaS counterpart providing the underlying building blocks. Ockam is a novel idea and a great addition to the industry. It greatly lowers the barrier to add data-in-motion security to the application. Moreover, you can also use it to build a security solution like Tailscale.


Ockam is a security component sitting on the data plane, it must be both efficient and secure. Using Rust is a sane choice.

Earn Developer Trust

To address to the developer audience, trust is important. This is even more so for a security product. Throughout Ockam's marketing website, you can see quite a few code examples, below is the one from the hero section.


Last but not least let's take a look at Ockam's (star) history. It has been open-sourced since 2019, and picked up pace after 2021. In early 2022, they raised $12.5M in Series A. The spike in late 2022 was related to the launch of Ockam Orchestrator - its SaaS offering through AWS marketplace. This HN submission also helped (the Rust, Elixir and Secure combination probably attracts quite a few enthusiasms from the not-easily-pleased HN readers).


The Ockam team also shares their thoughts about growing the open-source community:

  • Listening to and supporting others
  • Being accessible and approachable
  • Building trust and giving back to the community

If you want a solid and developer friendly building blocks to secure your microservices traffic, please do give Ockam a spin.