GitHub Repository

Open-source, identity-based, general-purpose sandbox platform on Kubernetes that eliminates credential sprawl for developers and AI agents

20 starsTypeScript

Cordium – FOSS sandbox platform with secretless infrastructure access

Name: Cordium – FOSS sandbox platform with secretless infrastructure access
Availability: InStock
Author: geoctl

by geoctl·May 25, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●●BangerBig BrainBold Bet

Identity-based secretless access baked into sandboxes beats injecting API keys.

Strengths

•Octelium identity proxy eliminates credential leakage in ephemeral containers.
•Unified interface for human devs and AI agents to access the same resources.
•VolumeSnapshot templating cuts cold startup time from minutes to seconds.

Weaknesses

•Requires running your own Kubernetes cluster, raising the barrier to entry.
•Tight coupling with Octelium ecosystem might limit adoption for pure K8s shops.

Post Description

Hello HN, Cordium is a project that I have been working on for a long time and now I am open sourcing it under Apache 2.0. It was initially meant as a remote development environment (i.e. similar to GitHub Codespaces) for my main project, Octelium, where users can access Octelium-protected resources via browser-based terminals without having to use CLIs and directly connecting from their own machines. But overtime it grew into a general-purpose sandbox platform that can be used for coding by devs, AI agent tasks, CI/CD, etc. The main differentiator here, compared to other dev environments and sandbox platforms, is that Cordium is that it automatically provides identity-based, secretless secure access to resources (e.g. APIs, SSH, databases, k8s, etc.) without having to inject credentials (e.g. API keys, SSH private keys, database passwords, etc.) into the sandbox. You can simply think of it as a sandbox+ZTNA baked-in where access to infrastructure is based on identity and policy-as-code rather than credentials.