Auth that deploys like a sane piece of software.
Bastionary ships as a single Python process. It talks to Postgres. It exposes /health. It logs JSON. It handles its own DB migrations. You don't need a cluster, a cache layer, or a dedicated ops team to keep it running.
Everything you'd expect. Nothing you don't.
No JVM to tune. No XML configuration ceremony. No distributed session cache to wrangle. Just a process, a database, and the things you already know how to operate.
Docker-ready
Official Docker image. Single docker run to get started. Compose file in docs. HEALTHCHECK built in — Docker knows if the process is healthy without any extra wiring.
Kubernetes-native
Helm chart available. Exposes /health/live and /health/ready for proper liveness and readiness probes. Stateless compute layer — all state lives in Postgres. Scale replicas freely.
Postgres only
One database dependency. No Redis, no Infinispan, no Zookeeper. Bastionary manages its own migrations with bastionary migrate. No migration surprises on upgrade — the tool tells you exactly what will change.
Zero-downtime deploys
Bastionary is a stateless process. Rolling restart with a load balancer in front is all you need. No shared cache invalidation, no leader election, no quorum to achieve. Restart one, restart all — your choice.
Structured JSON logs
Every request, every auth event, every error emits structured JSON on stdout. Ships to your existing log aggregation pipeline — ELK, Datadog, Loki — without any adapter. It's just JSON. Parse it however you want.
Env-var configuration
Every setting is an environment variable. Works with Kubernetes secrets, AWS Parameter Store, HashiCorp Vault — whatever secret management you already use. No XML, no admin console bootstrap, no config files to template.
Observability out of the box.
Bastionary speaks the protocols your monitoring stack already understands. No custom exporters, no proprietary dashboards, no agent to install alongside it.
Returns {"status":"ok"} with a live Postgres connectivity check included. Use for basic uptime monitoring, load balancer health gates, and on-call alerting. Non-200 means something real is wrong.
Prometheus-format metrics endpoint: request count, auth success and failure rates, token issue counts, active session count. Scrape it with your existing Prometheus instance and drop it into Grafana. No plugin required.
Every auth event queryable via REST API. Filter by tenant, user, IP, event type. Tamper-evident SHA-256 chaining — each log entry includes the hash of the previous, so any deletion or modification is detectable downstream.
Upgrades that don't require a maintenance window.
Bastionary follows semantic versioning. Minor and patch releases are backwards-compatible with the same Postgres schema — docker pull bastionary:latest && docker restart and you're done. Major releases include a migration guide. We don't break schemas without a documented upgrade path.
# Upgrade Bastionary (minor/patch)
docker pull bastionary/bastionary:latest
docker stop bastionary
docker start bastionary
# That's it. No migration, no cache flush, no ceremony.
# Major upgrade
bastionary migrate --dry-run # Preview schema changes
bastionary migrate # Apply and verifySane infrastructure starts here.
The deployment docs cover Docker, Kubernetes, bare metal, and cloud-managed Postgres. Everything you need to go from zero to production in an afternoon.