Cordium: FOSS sandbox platform that eliminates credential injection

Hello HN, Cordium is a general-purpose sandbox platform built on Kubernetes and Octelium, may main work https://github.com/octelium/octelium, that can be used for various use cases, including coding for developers with VSCode, Zed, etc. (i.e. self-hosted GitHub Codespaces alternative), AI agent tasks (i.e. FOSS alternative to AI sandbox products such as E2B, Daytona, etc.), CI/CD workloads (e.g. building and publishing Docker images etc.), and more importantly for secretless remote access to infrastructure for devs and automated workloads.

The main _differentiator_ here, compared to other dev environments and sandbox platforms, is that Cordium automatically provides identity-based, secretless secure access to resources/infrastructure (e.g. APIs, SSH, databases, k8s, etc.) without having to inject credentials (e.g. API keys, SSH private keys, database passwords, etc.) into the sandbox where the upstream credential is held by the identity-aware proxy of the Octelium-protected resource outside the reach of the sandbox. You can simply think of it as a sandbox + ZTNA/remote-access-VPN baked-in where access to infrastructure is based on identity and policy-as-code rather than credentials.

Cordium is a purely FOSS project under Apache 2.0 that's meant for self-hosting and there are no plans for a pro/SaaS/cloud version. The development of the project started back in 2022 and it is already being used by a few organizations that use Octelium since last year. Happy to answer any questions.