Secrets are replaced at the network edge. Your application code never sees real credentials, eliminating accidental exposure.
eBPF-powered traffic redirection happens in kernel space, adding negligible overhead to your requests.
Works with standard Kubernetes Secrets. Add a label and Kloak handles the rest automatically.
Control which secrets can be used with which hosts. Prevent credential misuse with fine-grained access control.
No SDK required. Works with any language or framework. Use the hash placeholder in your config.
No bulky sidecars or complex CNI plugins. Kloak operates purely at the kernel level for maximum efficiency.
Fully open source under the AGPL-3.0 License. Inspect the code, contribute, and build with confidence.