Ockam is a popular Open Source library that empowers you to build secure-by-design apps that can trust data-in-motion. Hundreds of developers have contributed to building, reviewing the codebase over the past 5 years.
With Ockam:
Impossible connections become possible. Establish secure channels between systems in private networks that previously could not be connected because it is either too difficult or insecure.
All public endpoints become private. Connect your applications and databases without exposing anything publicly.
At its core, Ockam is a toolkit for developers to build applications that can create end-to-end encrypted, mutually authenticated, secure communication channels:
From anywhere to anywhere: Ockam works across any network, cloud, or on prem infrastructure.
Over any transport topology: Ockam is compatible with every transport layer including TCP, UDP, Kafka, or even Bluetooth.
Without no infrastructure, network, or application changes: Ockam works at the application layer, so you don’t need to make complex changes.
While ensuring the risky things are impossible to get wrong: Ockam’s protocols do the heavy lifting to establish end-to-end encrypted, mutually authenticated secure channels
Traditionally, connections made over TCP are secured with TLS. However, the security guarantees of a TLS secure channel only apply for the length of the underlying TCP connection. It is not possible to connect two systems in different private networks over a single TCP connection. Thus, connecting these two systems requires exposing one of them over the Internet, and breaking the security guarantees of TLS.
Ockam works differently. Our secure channel protocol sits on top of an application layer routing protocol. This routing protocol can hand over messages from one transport layer connection to another. This can be done over any transport protocol, with any number of transport layer hops: TCP to TCP to TCP, TCP to UDP to TCP, UDP to Bluetooth to TCP to Kafka, etc.
Over these transport layer connections, Ockam sets up an end-to-end encrypted, mutually authenticated connection. This unlocks the ability to create secure channels between systems that live in entirely private networks, without exposing either end to the Internet.
Since Ockam’s routing protocol is at the application layer, complex network and infrastructure changes are not required to make these connections. Rather than a months-long infrastructure project, you can connect private systems in minutes while ensuring the risky things are impossible to get wrong.
🔗 Ockam's docs are LLM-ready: You can use https://docs.ockam.io/llms-full.txt to prompt large language models to understand and reason about Ockam using official documentation.
llms-full.txt with ChatGPT and CursorYou can prompt AI tools to use Ockam's documentation by referencing our LLM-ready index. This helps large language models answer your questions using trusted, up-to-date information.
Open and select GPT-4o.
Paste the following prompt:
Then ask your question. For example:
ChatGPT will now reference the docs listed in llms-full.txt to give more accurate answers.
Cursor supports web context and documentation lookups.
Open Cursor and activate the chat (Cmd+K or click the Chat icon).
Type:
Ask follow-up questions like:
Cursor will incorporate the docs into its responses, making code completions and suggestions more relevant to Ockam.
llms-full.txt?This file is part of the Model Context Protocol (MCP) — a standard that allows developers to expose their full documentation to AI tools in a structured way.
Use the full documentation at https://docs.ockam.io/llms-full.txt to answer questions about Ockam.Can I bring my own HSM or Key Vault to store Ockam keys?Use the full documentation at https://docs.ockam.io/llms-full.txt to help me with Ockam.Have the Ockam protocols been independently audited by cryptogrpahy experts?