ctlplne builds self-hosted systems for infrastructure teams that need custody, audit, and explicit state across machine identity, network telemetry, and the operational loops between them.
The first ctlplne systems target different infrastructure surfaces, but the contract is the same: self-hosted control, explicit state, bounded side effects, and evidence operators can trust.
Self-hosted control plane for non-human credentials: X.509 certificates, SSH certs, secrets, API keys, tokens, and SPIFFE workload identities. It discovers, issues, deploys, rotates, revokes, and retires them while private keys stay in an isolated process.
Self-hosted, multi-tenant network observability across five planes: active testing, BGP/routing intelligence, flow analytics, device telemetry, and eBPF host/L7. It is OpenTelemetry-native and keeps telemetry inside your network.
The umbrella for operator-owned systems built around custody, auditability, and production-grade control loops. Source and product work live in the ctlplne GitHub organization.
The ctlplne brand is grounded in the same promises the product READMEs make: self-hosting, tenant-aware control planes, auditability, and no quiet vendor custody over sensitive infrastructure data.
Explore the active products, read the docs, and keep the machine layer under your own operating boundary.