Security & access
Enterprise-grade security, on your terms
Coswarm is built for teams that answer to security reviews. Access, encryption, approvals, and recovery are handled by default — and everything runs on infrastructure you own.
Out of the box
The controls, built in
No add-ons to bolt on and no security theatre — the guardrails teams actually get asked about ship with the platform.
- Encrypted overlay
- RBAC
- TLS everywhere
- Automated backups
- Self-hosted
Role-based access control
Grant the right people the right access. RBAC governs every user and action across the control plane.
Encrypted by default
Every service talks over an encrypted Docker Swarm overlay network — inter-node traffic is protected out of the box.
TLS everywhere
The smart proxy terminates SSL and serves HTTPS on your own domain, with certificate handling built in.
Data sovereignty
Coswarm runs entirely on your servers. Your workloads and data never leave the infrastructure you control.
Automated backups & recovery
Scheduled backups with multi-cloud storage targets and retention policies keep you a step from a clean restore.
Health checks & failover
Continuous health checks with automatic failover keep services available as nodes come and go.
RBAC
Least privilege by default
Fine-grained roles map create / read / update / delete permissions to every entity in the platform, and they are enforced on every action.
- Per-entity permissions
- Create / read / update / delete
- Roles mapped to users
- Enforced on every action
- Per-entity permissions
- Create / read / update / delete
- Roles mapped to users
- Enforced on every action
Authentication
Auth you can stand behind
Protect accounts with two-factor authentication and let people sign in with Google SSO, backed by JWT sessions.
- Two-factor auth (TOTP)
- Google OAuth SSO
- JWT sessions
- Configurable login methods
- Two-factor auth (TOTP)
- Google OAuth SSO
- JWT sessions
- Configurable login methods
Governance
Change control, built in
Require approval for sensitive changes with a full before/after diff, and keep an audit log of every action across the workspace.
- Approval workflows
- Before / after change diffs
- Full audit log
- Action attribution
- Approval workflows
- Before / after change diffs
- Full audit log
- Action attribution
Encryption
Encrypted by default
Services communicate over an encrypted overlay network, stored credentials are AES-encrypted, and traffic is protected by TLS and a WAF at the edge.
- Encrypted overlay network
- AES-encrypted credentials
- TLS at the edge
- OWASP WAF
- Encrypted overlay network
- AES-encrypted credentials
- TLS at the edge
- OWASP WAF
Built on the battle-tested stack your team already trusts.
- Docker
- PostgreSQL
- Linux
- Ubuntu
- Debian
- Let's Encrypt
Your own PaaS is one command away
Install Coswarm on your server and deploy your first container in minutes — free, self-hosted, and yours to keep.
$ curl -fsSL https://coswarm.dev/install.sh | bash