Install Veirox Connect
One outbound-only Rust agent. Multi-arch, cosign-signed. Five-minute install on any Linux, Kubernetes, or edge target.
Pick your runtime
Recommended for VMs
Linux (systemd)
One-line install. Hardened systemd unit, runs as the veirox user.
Recommended for k8s
Helm overview
OCI-distributed chart with hardened pod security defaults.
Cloud
GKE (Google Cloud)
Workload Identity, Cloud NAT, Autopilot PSA, Gatekeeper.
Cloud
EKS (AWS)
IRSA, Security Groups for Pods, private API endpoint, Fargate.
Cloud
AKS (Azure)
Workload Identity, ACR pull, Azure Policy exemptions.
Self-managed
On-prem k8s
Private registry mirror, MITM CA, PSA, NetworkPolicy, OpenShift SCC.
Container
Docker Compose
Single-container deploy for VMs without systemd.
Container
HashiCorp Nomad
Sample job spec + Vault integration.
Offline
Air-gapped
Tarball install for hosts without internet egress.
Edge
Edge / Raspberry Pi
musl-static arm64 build for BusyBox / minimal hosts.
Security
Verify signatures
Cosign-verify every artifact before trusting it.
Concept
What is Veirox Connect?
Architecture, mTLS, 3-layer tenant verification.
Common steps
1
Mint a token
In the console at /console/<org>/connectors click "Mint enrollment token". Copy it — shown once.
2
Install the agent
Pick a runtime above. Pass the token via env var or Kubernetes Secret.
3
Verify it's connected
Watch the connector flip to "connected" in the console within ~30s. Tail the agent logs if it doesn't.
Supply chain
Every Veirox Connect artifact — binaries, deb/rpm/apk, Docker images, the Helm chart itself — is cosign-keyless signed via GitHub OIDC. Verify before you trust.
Public release artifacts live at github.com/veirox-cloud/veirox-dist. Source: veirox-cloud/veirox-connector (private).