Build Trust

  • Integrity
  • Authenticity
  • Privacy
  • Control

Trust for Data-in-Motion

Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data.

To build trust for data-in-motion, applications need end-to-end guarantees of data authenticity, integrity, and confidentiality. Ockam empowers you to build applications that are private and secure-by-design.

Orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.

Code block 1


Join our Open Source community, start a discussion, or file an issue - or just say Hello.

GitHub Discussions


Let’s build an application, together, in this step-by-step guide to Ockam.

User Guide


Sign up for Ockam Orchestrator and Build Trust across all of your applications and services.

AWS Marketplace

Ockam is Simple to Use

Code block 2

What you Build is Complex Infrastructure

A lot happened in this demo.

We started two applications: server_sidecar and client_sidecar. Each is local, but imagine that these applications were in two separate private networks. Each application then generated a unique Cryptographic Identity and a Vault to protect it.

The server_sidecar used Ockam Orchestrator to register an address with an Ockam Relay. A Relay can transparently forward messages to the client_sidecar, even if it’s running behind a NAT without an exposed port.

The server_sidecar started a Secure Channel Listener and waited for an authenticated channel to be established.

Next, the server_sidecar used Ockam Orchestrator to create a mutually authenticated, end-to-end encrypted, bi-directional, Secure Channel to the echo_service.

Features of Ockam

Managing data in motion is really, really hard. We’ve thought of the details and have reduced the vulnerability surface of your data to something manageable.

Developer First

Stripe did it for payment rails.

Twilio did it for telecom.

Ockam abstracts away complex infrastructure and cryptography orchestration to empower millions of developers.

Cloud Native

Ockam is built for enterprise scale.

Add-ons are ready-made connectors to your hosted authentication, database, and message broker services.

Open Source

Ockam’s protocols become ever more secure through transparency, community feedback, and scrutiny.

Add-ons can be built by anyone to create new hardware key vaults or cloud service connectors.

Zero Trust

Ockam messaging is *actually* end-to-end encrypted, so it can trustfully move data across networks that should not be trusted.

Transports are agnostic and pluggable so Ockam’s protocols can work across any network topology.

Key Management

Private keys are created inside of all of your applications. They never leave the hardware environment.

Orchestration, revocation, and rotation of keys are built in, so you have one less thing to worry about.

BYO Auth Engine

Ockam Add-ons empower you to use your existing authentication and attribute-based (ABAC) authorization tools.

Bring your own Okta, Auth0, OAuth, AWS, Azure, Google or Web3 IAM tools. Ockam has an Add-on for that!

How is Ockam Used?

Ockam can, and should, be used between every application, everywhere.

Orchestrate at Scale

Modern applications are made up of an unmanageable number of ephemeral microservices. They are distributed, multi-cloud, and rely upon dozens of cloud marketplace services. With so many endpoints that need to interoperate, it’s become impossible to manage.

Ockam’s key generation and handshake protocols allow for dynamic, massive-scale orchestrations across complex network topologies.


Get Out of the Middle

You are building an app that moves data from over-there to over-there. Perhaps it’s a message service like Kafka or RabbitMQ?

You don’t want to be liable for data that moves through your service, particularly if it’s HIPAA or PCI protected data!

Ockam’s end-to-end encryption originates at the data-source and terminates at the data-target, so your app-in-the-middle cannot decipher data-in-motion.


Trust Anything, Anywhere

If you access data in a VPC, you are exposing your applications to threats by exposing your VPC to the internet.

Ockam’s inlets and outlets create topologies that eliminate threats from the internet for applications in VPCs. Effectively, your data can move from VPC to VPC without exposing either application to the internet. Virtually, the applications are running next to each other in the same environment.

Ockam is for Everyone

We built Ockam with all builders in mind. We have two different configurations for you to choose from:

Open Source

The Tools for Builders

Ockam Open Source can be used for small scale projects, with simple architectures, that can be manually configured.

Ockam Open Source has all of the Ockam protocols, tools, and programming libraries that a developer needs to Build Trust.

  • Scale: Manually configurable
  • Key generation and storage
  • Secure Channels
  • End-to-end encrypted messaging
  • Ready-to-use Packages
  • Community Supported
  • Apache 2 License


The Service for Enterprises

Ockam Orchestrator is a fully-managed cloud service that includes all of the features and tools of Ockam Open Source. Orchestrator also has all of the features that you need to collaborate with your team, to integrate with automated infrastructure, to connect with data-layer stores and message brokers, and to facilitate massive scale throughput.

  • Scale: Automation-required
  • Key policy management
  • Add-on connectors to data services
  • Attribute Based Access Controls (ABAC)
  • Message delivery guarantees
  • Enterprise-grade support
  • AWS Marketplace

Developers Love Ockam

Build a Demo App

© 2022 All Rights Reserved