Important
Under active development. Not production-ready.
InferaDB Control is the administration plane for InferaDB. It manages organizations, users, vaults, clients, and token issuance. Control authenticates operators via password, passkey, or OAuth, enforces RBAC across tenants, and issues vault-scoped JWTs consumed by the InferaDB Engine. Data is persisted to InferaDB Ledger for cryptographic auditability.
- Authentication — Password, passkey (WebAuthn), OAuth, email verification, PKCE CLI flow
- Multi-Tenancy — Organization-based isolation with role hierarchy (Owner > Admin > Member) and team permissions
- Vault Management — Policy containers with user and team access grants
- Client Auth — Ed25519 certificate lifecycle, RFC 7523 JWT assertions
- Token Issuance — Vault-scoped JWTs with refresh token rotation for Engine API
git clone https://github.com/inferadb/control && cd control
mise trust && mise install
cargo run --bin inferadb-control -- --dev-modeDev mode uses in-memory storage and auto-generates an Ed25519 identity. The REST API is available at http://localhost:9090.
Production:
inferadb-control \
--listen 0.0.0.0:9090 \
--storage ledger \
--ledger-endpoint http://ledger:50051 \
--ledger-client-id ctrl-prod-01 \
--ledger-namespace-id 1 \
--key-file /data/master.key \
--log-format json| CLI | Purpose | Default |
|---|---|---|
--listen |
HTTP bind address | 127.0.0.1:9090 |
--storage |
Storage backend: memory or ledger |
ledger |
--dev-mode |
In-memory storage, relaxed security | |
--key-file |
Path to Ed25519 PEM key | ./data/master.key |
--pem |
Ed25519 PEM string (alternative to --key-file) |
|
--ledger-endpoint |
Ledger gRPC endpoint | |
--ledger-client-id |
Ledger client identifier | |
--ledger-namespace-id |
Ledger namespace ID | |
--log-level |
trace, debug, info, warn, error |
info |
--log-format |
auto, json, text |
auto |
--frontend-url |
Frontend URL for CORS and email links | http://localhost:3000 |
See Configuration Reference for environment variables, email/SMTP setup, and all options.
mise trust && mise install
just build # Build workspace
just test # Run tests
just lint # Run clippy
just fmt # Format code
just ci # All checks- Getting Started — First steps with Control
- Configuration Reference — CLI flags, environment variables, email setup
- Authentication — Auth flows and session management
- Architecture — Crate structure and design decisions
- Deployment — Docker, Kubernetes, and Helm
- API Reference — OpenAPI specification
Join us on Discord for questions and discussions.
Dual-licensed under MIT or Apache 2.0.