{"slug": "show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection", "title": "Show HN: Cordium: FOSS sandbox platform that eliminates credential injection", "summary": "Cordium, a new open-source sandbox platform built on Kubernetes and Octelium, eliminates credential injection by providing identity-based, secretless remote access to infrastructure for developers and automated workloads. The platform, which serves as a self-hosted alternative to GitHub Codespaces and AI sandbox products like E2B, uses an identity-aware proxy to hold credentials outside the sandbox environment. Cordium is released under Apache 2.0 for self-hosting with no plans for a commercial version.", "body_md": "Hello HN, Cordium is a general-purpose sandbox platform built on Kubernetes and Octelium, may main work [https://github.com/octelium/octelium](https://github.com/octelium/octelium), that can be used for various use cases, including coding for developers with VSCode, Zed, etc. (i.e. self-hosted GitHub Codespaces alternative), AI agent tasks (i.e. FOSS alternative to AI sandbox products such as E2B, Daytona, etc.), CI/CD workloads (e.g. building and publishing Docker images etc.), and more importantly for secretless remote access to infrastructure for devs and automated workloads.\n\nThe main _differentiator_ here, compared to other dev environments and sandbox platforms, is that Cordium automatically provides identity-based, secretless secure access to resources/infrastructure (e.g. APIs, SSH, databases, k8s, etc.) without having to inject credentials (e.g. API keys, SSH private keys, database passwords, etc.) into the sandbox where the upstream credential is held by the identity-aware proxy of the Octelium-protected resource outside the reach of the sandbox. You can simply think of it as a sandbox + ZTNA/remote-access-VPN baked-in where access to infrastructure is based on identity and policy-as-code rather than credentials.\n\nCordium is a purely FOSS project under Apache 2.0 that's meant for self-hosting and there are no plans for a pro/SaaS/cloud version. The development of the project started back in 2022 and it is already being used by a few organizations that use Octelium since last year. Happy to answer any questions.\n\nComments URL: [https://news.ycombinator.com/item?id=48344623](https://news.ycombinator.com/item?id=48344623)\n\nPoints: 2\n\n# Comments: 0", "url": "https://wpnews.pro/news/show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection", "canonical_source": "https://github.com/octelium/cordium", "published_at": "2026-05-31 10:41:00+00:00", "updated_at": "2026-05-31 11:17:09.356459+00:00", "lang": "en", "topics": ["ai-tools", "ai-infrastructure", "ai-agents", "ai-products", "ai-startups"], "entities": ["Cordium", "Octelium", "Kubernetes", "GitHub Codespaces", "E2B", "Daytona", "VSCode", "Zed"], "alternates": {"html": "https://wpnews.pro/news/show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection", "markdown": "https://wpnews.pro/news/show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection.md", "text": "https://wpnews.pro/news/show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection.txt", "jsonld": "https://wpnews.pro/news/show-hn-cordium-foss-sandbox-platform-that-eliminates-credential-injection.jsonld"}}