Story

Hey HN!

We are building Thand, an open-source, distributed platform for Just-in-Time (JIT) access, authorization (PAM), and provisioning.

Why? I’ve been at various companies now; either having to raise tickets, waiting on internal processes to get access to systems, resources or SaaS tools. Or, having extremely elevated accounts all in one place and as a single point of failure when services go down just as you need them. None of the available PAM tools seemed easy to work with, so it got me seeking an alternative.

What is Thand? Thand is a lightweight, open source and self-hosted agent that runs locally or in your cloud environment. It orchestrates and distributes requests via durable workflows (via Temporal and CNCF Serverless workflows) to grant temporary access to resources or provision resources via its “providers”.

Unlike other tools, that are locked into particular cloud environments or SaaS providers. With Thand you deploy the agents with their respective access. Wherever, you need to get access to. Temporal can route the workflow execution to elevate or provision resources across multiple environments (cloud and local) and identities.

What's with the name? Thand is Sindarin, (‘Shield/Guard of the Forest’).

We are currently in preview and looking for feedback.

GitHub: https://github.com/thand-io/agent Docs: https://docs.thand.io Website: https://www.thand.io/

Thanks!