Security & access

Enterprise-grade security, on your terms

Coswarm is built for teams that answer to security reviews. Access, encryption, approvals, and recovery are handled by default — and everything runs on infrastructure you own.

Coswarmcoswarm · request path Live

Out of the box

The controls, built in

No add-ons to bolt on and no security theatre — the guardrails teams actually get asked about ship with the platform.

  • Encrypted overlay
  • RBAC
  • TLS everywhere
  • Automated backups
  • Self-hosted

Role-based access control

Grant the right people the right access. RBAC governs every user and action across the control plane.

Encrypted by default

Every service talks over an encrypted Docker Swarm overlay network — inter-node traffic is protected out of the box.

TLS everywhere

The smart proxy terminates SSL and serves HTTPS on your own domain, with certificate handling built in.

Data sovereignty

Coswarm runs entirely on your servers. Your workloads and data never leave the infrastructure you control.

Automated backups & recovery

Scheduled backups with multi-cloud storage targets and retention policies keep you a step from a clean restore.

Health checks & failover

Continuous health checks with automatic failover keep services available as nodes come and go.

RBAC

Least privilege by default

Fine-grained roles map create / read / update / delete permissions to every entity in the platform, and they are enforced on every action.

  • Per-entity permissions
  • Create / read / update / delete
  • Roles mapped to users
  • Enforced on every action
Least privilege by default
  • Per-entity permissions
  • Create / read / update / delete
  • Roles mapped to users
  • Enforced on every action

Authentication

Auth you can stand behind

Protect accounts with two-factor authentication and let people sign in with Google SSO, backed by JWT sessions.

  • Two-factor auth (TOTP)
  • Google OAuth SSO
  • JWT sessions
  • Configurable login methods
Auth you can stand behind
  • Two-factor auth (TOTP)
  • Google OAuth SSO
  • JWT sessions
  • Configurable login methods

Governance

Change control, built in

Require approval for sensitive changes with a full before/after diff, and keep an audit log of every action across the workspace.

  • Approval workflows
  • Before / after change diffs
  • Full audit log
  • Action attribution
Change control, built in
  • Approval workflows
  • Before / after change diffs
  • Full audit log
  • Action attribution

Encryption

Encrypted by default

Services communicate over an encrypted overlay network, stored credentials are AES-encrypted, and traffic is protected by TLS and a WAF at the edge.

  • Encrypted overlay network
  • AES-encrypted credentials
  • TLS at the edge
  • OWASP WAF
Encrypted by default
  • Encrypted overlay network
  • AES-encrypted credentials
  • TLS at the edge
  • OWASP WAF

Built on the battle-tested stack your team already trusts.

  • Docker
  • PostgreSQL
  • Linux
  • Ubuntu
  • Debian
  • Let's Encrypt
Coswarm

Your own PaaS is one command away

Install Coswarm on your server and deploy your first container in minutes — free, self-hosted, and yours to keep.

bash install.sh
$ curl -fsSL https://coswarm.dev/install.sh | bash