Bifrost is a lightweight, extensible API proxy written in Go that enables secure delegation of API access through virtual keys. Instead of exposing long-lived secrets or API tokens to clients, Bifrost maps short-lived, scoped virtual keys to real credentials stored securely in Vault or other backends — and transparently proxies the request to the target API.
Built with Kubernetes in mind, Bifrost is designed to operate as a standalone proxy or as a Kubernetes Operator, making it easy to provision and manage virtual keys in cloud-native environments.
Define ephemeral, revocable keys mapped to long-lived secrets or tokens.
Inject real credentials into proxied requests without exposing them to the client.
Apply granular access policies per virtual key: rate limits, expiration, scope control.
Retrieve and manage secrets securely with native Vault support.
Deploy Bifrost as a Kubernetes operator with CRD support for virtual key management.
Log, trace, and monitor access by key, user, origin, or service.
Fast, type-safe, and built for performance and extensibility.
- Integration with Open Policy Agent (OPA) for dynamic authorization.
- Support for multiple target backends (OpenAI, Stripe, internal APIs).
- Web-based management dashboard for virtual keys.
- Optional JWT issuance or pass-through with verification hooks.