not-koushi/zero-trust-gate


🔐 ZeroTrustGate

A Context-Aware Zero Trust API Gateway with Observability

ZeroTrustGate is a production-style Zero Trust gateway that enforces per-request authentication, authorization, and context validation, while providing real-time security observability through Prometheus and Grafana.

The project demonstrates how Zero Trust principles work in practice, including token replay protection, context binding, and measurable security signals — all orchestrated with Docker Compose.


🚀 Key Features

🔒 Zero Trust Enforcement

  • No implicit trust after authentication
  • Every request must present a valid JWT
  • Role-based authorization at the gateway
  • Explicit failure paths (401 / 403)

🧠 Context-Aware Security

  • JWTs are bound to User-Agent context
  • Token replay attempts from different clients are blocked
  • Designed to work correctly in containerized / proxy environments

📊 Security Observability

  • Prometheus metrics exposed via /metrics
  • Accurate counters for:
    • Total gateway requests
    • Authentication failures
    • Expired token rejections
  • Grafana dashboards for real-time visibility

🐳 Infrastructure-Ready

  • Dockerfiles for all services
  • Docker Compose orchestration
  • Persistent volumes for Prometheus and Grafana
  • One-command startup and shutdown

🧱 Architecture Overview

Browser / Client
       |
       v
+-------------------+
|   Auth Service    |  (FastAPI)
|  Issues JWTs      |
+-------------------+
       |
       v
+-------------------+
|  API Gateway      |  (Node.js / Fastify)
|  - Auth Check     |
|  - Authorization  |
|  - Context Check  |
+-------------------+
       |
       v
+-------------------+
| Protected APIs    |
+-------------------+

Gateway Metrics → Prometheus → Grafana

🛠️ Tech Stack

Layer           Technology
Auth Service    Python, FastAPI
API Gateway     Node.js, Fastify
Frontend        Next.js (minimal demo client)
Metrics         Prometheus
Dashboards      Grafana
Orchestration   Docker Compose

📁 Repository Structure

zero-trust-gate/
├── auth-service/
├── gateway/
├── frontend/
├── prometheus/
├── docker-compose.yml
└── README.md

▶️ Running the Project

docker compose up --build

📈 Project Status

✔ Feature complete
✔ Demo ready
✔ Dockerized
✔ Observable
✔ Interview-defensible


🧑‍💻 Author

Koushik Panchadarla

  • Built as a security-focused backend infrastructure project to demonstrate Zero Trust principles in real systems.