Zero-Trust Identity

GO-DUCK enforces a battle-hardened, identity-first firewall. Built on standard OIDC, our zero-trust architecture ensures every request is verified, authorized, and traced from the gateway to the database.

OIDC Hardened

Native integration with Keycloak for real-time JWT validation and anti-spoofing context verification.

RSA Signed WebSocket

Secure "REST-over-WS" implementation using HMAC-SHA256 signatures for total message integrity.

Zero-Trust Multi-Tenancy

No cross-tenant data leakage. Identity automatically selects the secure silo at the middleware layer.

The Secure Lifecycle

01

Protocol Verification

Every request—HTTP, gRPC, or WebSocket—is challenged for a valid OIDC identity. The generator automatically scaffolds the necessary middleware for each protocol.

// Example: JWTMiddleware automatically extracting the Federated Role
authHeader := ctx.GetHeader("Authorization")
claims, err := keycloak.Verify(authHeader)
if err != nil {
    // Unverified or expired token: stop here, never reach silo routing
    ctx.AbortWithStatus(http.StatusUnauthorized)
    return
}

// Silo matching happens here, on verified claims only
siloID := MapRoleToSilo(claims.RealmRole)

Silo Discovery & Privacy

Silo Discovery API

Authenticated users can discover their accessible silos via GET /api/silos/me. This allows front-end applications to build dynamic tenant selection interfaces.

GET /api/silos/me
[
  { "tenantId": "bc72-91a0...", "roleName": "branch_usa" }
]

HideSiloNames Toggle

For maximum zero-trust compliance, you can hide internal DB-Names from the discovery API by enabling the HideSiloNames toggle in application.yml.

go-duck:
  multitenancy:
    hide-silo-names: true

Anti-Burst Shielding
Distributed Protection.

Protect your infrastructure from "Noisy Neighbors" and NAT spoofing. Our Distributed Redis Rate Limiter tracks clients by Keycloak UserID—ensuring that limiting persists even if a user switches IPs or devices.

Redis-Backed Fixed-Window Limit
Identity-First
Safe from NAT Spoofing

The Super Admin Boundary

Standard Business APIs

Endpoints under /api/* are accessible to any authenticated user with a valid silo mapping. These handle standard CRUD, Federated Search, and Usage Reporting.

/api/cars /api/silos/me /api/search/*

Confidential Control Plane

Sensitive endpoints under /management/* and /api/admin/* are restricted to the Super Admin Role defined in application.yml.

go-duck:
  security:
    super-admin-role: "platform_admin"
Confidential Mode Enabled
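The boundary described above, as an added example in plain Go (standard library only; it is not GO-DUCK's generated middleware). Super-admin paths are checked before any silo routing, and the role-to-silo map, the claim field names and the silo ids are assumptions.

```go
package main

import (
	"net/http"
	"path"
	"strings"
)

// Claims is the subset of a verified Keycloak token the policy needs; the OIDC
// middleware is assumed to have already checked signature, issuer and expiry.
type Claims struct {
	Subject    string   // Keycloak UserID ("sub")
	RealmRoles []string // realm_access.roles
}

// under reports whether p equals prefix or lies beneath it. path.Clean runs
// first so "/api/cars/../admin/x" is judged as "/api/admin/x".
func under(p, prefix string) bool {
	p = path.Clean("/" + p)
	return p == prefix || strings.HasPrefix(p, prefix+"/")
}

// Authorize applies the super-admin boundary before any silo mapping, so a
// tenant user with a valid silo but no super-admin role gets 403 on the control
// plane instead of being routed into a tenant. roleToSilo is a hypothetical
// stand-in for MapRoleToSilo; the silos returned are what /api/silos/me lists.
func Authorize(superAdminRole string, roleToSilo map[string]string, reqPath string, c Claims) (int, []string) {
	if c.Subject == "" {
		return http.StatusUnauthorized, nil
	}
	if under(reqPath, "/management") || under(reqPath, "/api/admin") {
		for _, r := range c.RealmRoles {
			if r == superAdminRole {
				return http.StatusOK, nil
			}
		}
		return http.StatusForbidden, nil
	}
	var silos []string
	for _, r := range c.RealmRoles {
		if s, ok := roleToSilo[r]; ok {
			silos = append(silos, s)
		}
	}
	if len(silos) == 0 {
		return http.StatusForbidden, nil // authenticated, but no silo mapping
	}
	return http.StatusOK, silos
}
```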

Ready for Production Security?

Deploy zero-trust identity across your cluster with one command.