Ferriskey
FerrisKey

A Modern IAM Built
for Distributed
Systems

FerrisKey is an open-source, cloud-native Identity & Access Management platform designed for Kubernetes, multi-tenancy, and modern security architectures.

Open source
Apache 2.0
Early Access · v0.6.0
CONSUMERS Web App Mobile App API / CLI End Users FerrisKey IAM PLATFORM Kubernetes ArgoCD Prometheus OpenTelemetry IAM as the single identity layer across your entire stack

Why now

Every IAM was built for the monolith era. Cloud-native needs more.

Wiring identity into a modern stack means stitching together password storage, MFA, OIDC, sessions, audit, federation, and policy across fragmented systems — with no unified audit trail and no consistent policy. FerrisKey unifies everything behind one Rust-native service.

Compare with:

Built in-house

7+
Code paths your app owns
Auth code lives in every app Audit and policy stay scattered Full control, full ownership Long-term maintenance load

With FerrisKey

1
Service to call
One IAM service Unified audit trail Consistent policy One API to integrate

Why FerrisKey

Identity infrastructure for cloud-native platforms, without legacy IAM complexity.

Identity & Access Management is the backbone of any secure platform. It controls who can authenticate, what they are authorized to do, and how every access event is tracked across every service, team, and environment in your infrastructure.

Without a solid IAM foundation, teams end up with fragmented auth logic scattered across services, no unified audit trail, and security gaps that grow with every new product. FerrisKey addresses this with a unified, operator-first approach designed for distributed systems from day one.

Rust-native performance

Built in Rust from the ground up — not ported or wrapped. A ~10MB binary, sub-10ms auth latency, and a predictable memory footprint that holds under sustained load.

~10MB binary <10ms latency No GC pauses Memory safe

Deploy & manage your way

FerrisKey ships with first-class tooling for every ops workflow — from local testing to production GitOps pipelines. No custom scripting required.

Helm chart Kubernetes Operator ArgoCD Docker Compose

Event-driven extensibility

Every identity event — login, token issuance, policy change, realm update — emits a structured event you can consume to trigger webhooks, sync to your data lake, or drive custom workflows without patching the core.

Webhooks Kafka / NATS (soon)

CNCF ecosystem integration

FerrisKey is designed to fit naturally into cloud-native stacks. Native integrations with the tools your platform team already runs — no adapters, no workarounds.

Prometheus OpenTelemetry OPA (soon) AuthZen

Compare

How FerrisKey stacks up against the IAM you already know.

Quick, factual comparison with the IAM tools teams reach for first. Same protocols on the surface, very different shapes underneath.

Criteria
FerrisKey
Keycloak
Auth0
Authentik
Ory
Runtime Rust Java / JVM SaaS only Python Go
License Apache 2.0 Apache 2.0 Commercial MIT Apache 2.0
Memory footprint ~10 MB ~500 MB ~200 MB ~80 MB / svc
Cold start < 1 s 10–30 s ~5 s ~2 s
Self-hosted Yes Yes No Yes Yes
Multi-tenancy Realms Realms Tenants Brands Projects
Kubernetes operator Yes Yes No partial helm only
OIDC / OAuth2 Yes Yes Yes Yes Yes
MFA built-in Yes Yes Yes Yes Yes
Modular architecture Yes SPI extensions No No Split services
AuthZen-ready planned No No No Keto ReBAC
Memory and cold-start figures are typical for a small production instance. Last reviewed May 2026.

Live

Every identity event, streamed and auditable.

Sign-ins, MFA challenges, token issuance, role changes, federation events — FerrisKey writes them all to one structured stream. Tail it, ship it to your SIEM, or replay it.

12.4k
events / sec at p50
realms watched in parallel
< 5 ms
audit write p99
  • OIDC alice@acme.com signed in via Google 12 ms
  • MFA bob@globex.com authenticated with WebAuthn 8 ms
  • TOKEN service:billing received access_token 4 ms
  • ROLE admin granted editor → carol@globex.com 11 ms
  • FED alice@acme.com linked Google identity 87 ms
  • AUDIT charlie@acme.com viewed user list 3 ms
  • WARN 3 failed logins for eve@acme.com blocked
  • PASSKEY dan@acme.com registered a passkey 145 ms
format: jsonl · ndjson → webhooks · siem · s3

Interface

Built for clarity, designed for speed

A clean admin UI to manage your realms, clients, users and permissions — without getting lost.

Modules

Everything you need to build

Purpose-built systems for authentication, audit, federation, and more. Each module owns a specific aspect of identity — composable, extensible, and production-ready.

TOTP WebAuthn Magic Links Recovery Codes Google SSO GitHub SSO Discord SSO Custom OIDC Audit Events Event Streaming Conditional Flows Step-Up Auth JWT Claims Custom Scopes Protocol Mappers Webhooks Passkeys Token Introspection Realm Isolation PKCE TOTP WebAuthn Magic Links Recovery Codes Google SSO GitHub SSO Discord SSO Custom OIDC Audit Events Event Streaming Conditional Flows Step-Up Auth JWT Claims Custom Scopes Protocol Mappers Webhooks Passkeys Token Introspection Realm Isolation PKCE

Built for every identity scenario

From passwordless auth to enterprise federation — the primitives are there, composable by design.

Official modules, zero hunting

MFA, federation, audit, webhooks — every critical identity concern solved with a dedicated module. No glue code, no compatibility roulette.

View all modules
Trident SeaWatch Compass Abyss Aegis Webhooks

Open source

Released in the open, with every change in plain sight.

Public release notes, public roadmap, public contributors — no surprises in how Ferriskey grows.

Releases

Release Notes
May 6 v0.6.0 v0.6.0 May 6 v0.6.0-rc1 v0.6.0-rc1 Apr 11 v0.5.0 v0.5.0 Apr 11 v0.5.0-rc1 v0.5.0-rc1 Mar 24 v0.4.3 v0.4.3 Mar 24 v0.4.3-rc1 v0.4.3-rc1

Built in the open.
Secured by design.

No lock-in, no black boxes. Audit the code, contribute, or fork it — Ferriskey belongs to the community.

Apache 2.0

OSS Stats

593 github stars 76 forks 41 contributors 6 releases NathaelB LeadcodeDev leroyguillaume jorisvilardell TanzilIslam NobinKhan poptart-coral Courtcircuits JunaYa hocman2 mvanhorn chojuninengu Akagi201 Nkwenti-Severian-Ndongtsop baptistebronsin luisRubiera Ptrskay3 jorgecarleitao debtquity CePseudoBE luckywemo theotchlx thomas-brn sirodoht SkyzcYou sathyajithps sameo cheleb NolwennD nicolasvedrenne mouhsen-ibrahim vkmrishad mikhailofff metakernel MathiasP39 markschmid JeremyLARDENOIS kurama davidaparicio

Team

Meet the core team

The people behind Ferriskey — building secure identity infrastructure in the open.

Nathael Bonnal

Nathael Bonnal

Co-Founder & Software Engineer

Baptiste Parmantier

Baptiste Parmantier

Co-Founder & Software Engineer

Guillaume Leroy

Guillaume Leroy

Platform Engineer

Joris Vilardell

Joris Vilardell

Software Engineer

Luis Rubiera

Luis Rubiera

CTO @ Cloud-IAM

Partners

Proudly supported by our partners

These companies and projects keep Ferriskey thriving. Their support funds development, maintenance, and community growth — allowing us to stay independent and focused on building the best IAM we can.

Become a partner
Cloud IAM Gilded Health Nudibranches Natalia Your Logo

Supporters

Mineral Polytech Montpellier

Blog

Latest articles

Stay up to date with the latest news and updates.

Who are you, and what are you doing here?
iamidentity

Who are you, and what are you doing here?

Understand IAM from scratch, and discover FerrisKey.

View all articles

Ready when you are

Your identity layer, your rules.

Self-hosted, Apache 2.0, built in Rust. Deploy Ferriskey in minutes and own your authentication stack — no vendor, no lock-in.

View on GitHub