otorga
v0.0.1
Published
Otorga - a consent layer for credentials. A local-first, self-hostable secrets broker that gates every secret access behind hardware-backed human approval, with full process-tree visibility and a tamper-evident audit trail. Under construction.
Maintainers
Readme
Otorga
A consent layer for credentials.
Otorga is a local-first, self-hostable secrets broker for developers. Secrets live as encrypted (SOPS + age) files in a git repo you host anywhere. A local daemon brokers every access: each request is gated behind hardware-backed human approval (YubiKey touch / Secure Enclave Touch ID), shows you the full process tree of what's asking, and is written to a tamper-evident audit trail.
In the age of autonomous agents and CI reaching for live credentials, the answer isn't to automate the human away - it's to make saying yes take one touch, and make saying yes safe.
- One touch per access, not one unlock per session.
- See what's asking (the full process tree), not just the foreground app.
- Git-native and self-hostable. No account, no SaaS in the trust path.
Status: under construction. This npm package reserves the name. The CLI ships as a portable binary (
oto). Follow along at https://otorga.sh.
License
Apache-2.0 (provisional - the client/CLI is intended to be permissively licensed).
