KeyBridge

A client-server platform to securely access applications in untrusted environments.

Python, Rust, TypeScript, Angular, Cyber Security, Identity Management

The Problem

Imagine you have internal web apps that aren't really designed to be exposed to the internet — no proper authentication, no MFA, maybe just basic HTTP auth or nothing at all. You need people to access them, but you can't just open them up. You could set up a VPN, but that gives way too much network access. You could put them behind a reverse proxy with auth, but then you need to manage yet another system.

KeyBridge sits in front of those apps and adds proper authentication and access control without modifying the apps themselves. It integrates with LDAP, Active Directory, or RADIUS for identity, supports TOTP for 2FA, and controls who can access what.

The Architecture

The project is split across five repositories, each handling a different part of the system. The core idea is that a lightweight client runs on the user's machine, authenticates against the server, and only then gets access to the protected applications.

The Client

KeyBridge client in action

Written in Rust for performance and cross-platform support. It's a small native app that handles authentication, maintains the session, and auto-updates itself via GitHub Releases. Rust was the right call here — the client needs to be fast, reliable, and run on anything.

The API

A Python backend that handles all the auth logic, session management, and access control. It talks to your existing identity provider — whether that's Active Directory, an LDAP server, or RADIUS — so you don't need to manage a separate user database.
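A sketch of the per-application access decision described above, combining directory group membership with an RFC 6238 TOTP check. This is an added example, not KeyBridge's code (the project is closed source); `APP_POLICY`, `authorize`, `matching_step`, and the application and group names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed policy: application name -> directory groups allowed to reach it.
APP_POLICY = {
    "wiki": {"staff", "it-admins"},
    "printer-admin": {"it-admins"},
}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def matching_step(secret, submitted, now, step=30, drift=1):
    """Return the time-step counter the code matches within +/-drift, else None."""
    for delta in range(-drift, drift + 1):
        t = now + delta * step
        if t < 0:
            continue
        # Compare as bytes in constant time; str input may be non-ASCII.
        if hmac.compare_digest(totp(secret, t, step).encode(), submitted.encode()):
            return t // step
    return None

def authorize(app, groups, secret, submitted, now, last_used_step=None):
    """Decide (allowed, reason, accepted_step) for one user and one application.

    groups: the user's groups as returned by the identity provider after a
    successful password check. last_used_step: last counter accepted for this
    user, stored by the caller so a code cannot be replayed.
    """
    allowed_groups = APP_POLICY.get(app)
    if allowed_groups is None:
        return False, "unknown application", None  # deny by default
    if not allowed_groups & set(groups):
        return False, "not authorized for application", None
    step = matching_step(secret, submitted, now)
    if step is None:
        return False, "invalid TOTP code", None
    if last_used_step is not None and step <= last_used_step:
        return False, "TOTP code already used", None
    return True, "ok", step
```

The caller persists the returned step per user and passes it back as `last_used_step` on the next login, which is what makes a captured code useless within its validity window.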

The Admin Frontends

Administration dashboard

Two Angular frontends — one for end users and one for administrators. The admin panel lets you manage protected applications, user access, and monitor sessions. The user-facing portal shows available apps and handles the login flow.

Features

Feature overview
  • LDAP, Active Directory, and RADIUS integration — use your existing identity infrastructure
  • Multiple 2FA methods including TOTP
  • Cross-platform Rust client that auto-updates via GitHub Releases
  • Web-based admin dashboard for managing access and monitoring sessions
  • Docker deployment with straightforward setup

Auto-Update

Auto-update mechanism

The client automatically fetches the latest version from GitHub Releases and keeps itself up to date. No manual downloads, no version mismatches — it just works.

Why I Built It

Working in IT security, I kept running into the same pattern: legacy internal tools that need to be accessible but have zero security built in. The usual answer is "just use a VPN" but that's a sledgehammer solution. KeyBridge is the scalpel — it gives authenticated, per-application access without exposing the entire network.

The project is closed source, but the repos are visible on GitHub. It was a great learning experience building something that spans Rust, Python, and Angular across five coordinated repositories.