ILM (Identity Lifecycle Management) is a platform for effective and efficient trust lifecycle management for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in an increasingly connected world.
ILM is released as a commercial open source project under the MIT License. Additional features and services are available under subscription plans. If you are interested in a subscription, please contact us through the OmniTrust Official Web or use the ILM Official email address.
ILM is designed and developed by a team of PKI and information security enthusiasts with a practical point of view on certificate management in hybrid environments. PKI is the backbone of security in our daily communication, and its security and easy management should be available to everyone.
For comprehensive documentation, visit docs.otilm.com.
The ILM platform aims to provide easy, secure, and extensible features for certificate and identity lifecycle management. Among the features are:
- certificate management (issuing, revocation, renewal) through RA Profile and standard protocols
- cryptographic key management (generation, encryption, signing, etc.) through Token Profile
- secrets management (passwords, API keys, JWT tokens, cryptographic keys, keystores, key-value pairs) through Vault Profile with versioning, cross-vault synchronization, approval workflows, and compliance evaluation
- cryptographic bill of materials (CBOM) scanning and repository
- extensible connectors to support many technologies and implementations of certification authorities, credentials, discovery engines, cryptography, compliance, and more
- certificate searching in various sources
- consistent inventory of certificates and cryptographic keys (owners, groups, entities, profiles, and more)
- dashboard for monitoring and reporting
The platform is split into several components:
- interfaces (UIs, REST API, etc.)
- authentication and authorization
- core services provided by the platform (discovery, inventory, connectors, authorities, tokens, etc.)
- grouping and entity automation
- data storage
- connectors and functional groups and types (discovery provider, CA connector, credential provider, cryptography provider, etc.)
Components in the platform act as microservices and the main approach is to keep each service as a simple container.
| Repository | Description |
|---|---|
| core | Core of the platform, handling certificate lifecycle management tasks |
| auth | Authentication service for the platform |
| auth-opa-policies | OPA policies for evaluating access control permissions |
| scheduler | Scheduler of activities and tasks |
| interfaces | Interface definitions and common objects for the platform |
| utils-service | Utils service to support various certificate and key handling |
| dependencies | Common dependencies for Java projects |
| Repository | Description |
|---|---|
| fe-administrator | Administrator web interface |
| Repository | Description |
|---|---|
| cbom-lens | CLI tool to scan filesystems, containers, and network ports for cryptographic assets and generate a CycloneDX CBOM |
| cbom-repository | Repository for uploading, retrieving, and searching CBOM documents |
| Repository | Description |
|---|---|
| common-credential-provider | Common credential provider for working with basic credentials |
| ejbca-ng-connector | EJBCA NG connector for certificate management and discovery |
| pyadcs-connector | Connector for MS ADCS using Python |
| hashicorp-vault-connector | Connector to HashiCorp Vault PKI secrets engine |
| x509-compliance-provider | Compliance provider for X.509 certificates |
| ip-discovery-provider | Discovery provider to identify certificates on the network |
| cryptosense-discovery-provider | Discovery provider for Cryptosense Analyzer reports |
| ct-logs-discovery-provider | Discovery provider for Certificate Transparency logs |
| keystore-entity-provider | Entity provider for managing certificates in Java Keystores |
| software-cryptography-provider | Cryptography provider for managing keys in software keystores |
| email-notification-provider | Email notification provider |
| webhook-notification-provider | Webhook notification provider |
| Repository | Description |
|---|---|
| cert-manager-issuer | cert-manager external issuer for Kubernetes |
| csc-api | Cloud Signature Consortium API implementation |
| mcp-server | ILM MCP Server |
| go-sdk | Go SDK for ILM platform |
| Repository | Description |
|---|---|
| helm-charts | Helm charts to install and maintain ILM |
| appliance | ILM virtual appliance |
| appliance-tools | Debian package with ILM appliance tools |
| keycloak-theme | ILM custom Keycloak theme |
| keycloak-optimized | Optimized Keycloak docker image |
| provisioning-rabbitmq | Provisioning service for RabbitMQ |
| Repository | Description |
|---|---|
| documentation | Platform documentation for contributors and developers |
| interface-documentation | Interface and API documentation |
Anyone can contribute to ILM, and we would be happy to support you in that. See the Contribution Guide for more information.
The ILM platform is released under the MIT License. Some connectors and user interfaces are released under their own licenses or subscriptions. Consult with us for more information.