Athenz is an open source platform for X.509 certificate-based service authentication and fine-grained access control in dynamic infrastructures.

Never Trust & Always Verify

Enable zero trust core principles like traffic encryption, AuthN, AuthZ, Dynamic Trust and least privilege access.

Fine-grained Authorization

Authorize all authenticated clients using fine-grained role-based (RBAC) access control.

X.509 Certificate Authentication

Service identity in the form of short-lived X.509 certificates for all workloads deployed in private or public clouds. Stronger security through mTLS authentication.

Single Source of Truth

Consolidated service serving various downstream security implementations, including support for non-user entities.

Providing RBAC for your needs

Athenz is a set of services and libraries supporting role-based authorization (RBAC) for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases to handle on-box enforcement.


A traditional centralized access control model requires any Athenz-enabled application to contact the Athenz Management Service directly to determine whether a specific authenticated principal has been authorized to carry out the given action on the requested resource.


For use cases where latency is a concern, Athenz provides a decentralized model in which the check of whether a given principal has been authorized to carry out the given action on the requested service is done on the host itself, using the Athenz local policy engine library.

Getting Started

Explore the Athenz documentation and easily create a test development environment with ZMS (Athenz Management Service), ZTS (Athenz Token Service), and UI services. For a reference implementation, visit the Java Client/Servlet or Go Client/Server example documentation.