Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
- Maintainers
- 1
sovereign
Mission statement
This project implements a JSON control-plane based on the envoy data-plane-api
The purpose of sovereign is to supply downstream envoy proxies with dynamic configuration.
Mechanism of Operation
Sovereign allows you to define templates that represent each resource type provided by Envoy. For example, clusters, routes, listeners, secrets, extension_configs, etc.
In order to enrich the templates with data, Sovereign has ways of polling data out-of-band which it then includes as variables that can be accessed within the templates.
This allows Sovereign to provide configuration to Envoy that changes over time depending on the data sources, without needing to redeploy the control-plane.
Sovereign provides some built-in ways of polling data (such as over HTTP, or on-disk) but also exposes extension points, allowing you to write your own plugins in Python.
Support
If you're unable to submit an issue on Bitbucket, send an email to vsyrakis@atlassian.com
Release
See [RELEASE.md]
Roadmap
- Performance improvements
- Data persistence
- Push API (versus polling)
- Client for Sovereign
- gRPC
Requirements
- Python 3.8+
Installation
pip install sovereign
Documentation
Local development
Requirements
- Poetry
- Docker
- Docker-compose
Installing dependencies for dev
Dependencies and creation of virtualenv is handled by poetry
poetry install
poetry shell
Running locally
Running the test env
make run
Running the test env daemonized
make run-daemon
Pylint
make lint
Unit tests
make unit
Acceptance tests
make run-daemon acceptance
Contributors
Pull requests, issues and comments welcome. For pull requests:
- Add tests for new features and bug fixes
- Follow the existing style
- Separate unrelated changes into multiple pull requests
See the existing issues for things to start contributing.
For bigger changes, make sure you start a discussion first by creating an issue and explaining the intended change.
Atlassian requires contributors to sign a Contributor License Agreement, known as a CLA. This serves as a record stating that the contributor is entitled to contribute the code/documentation/translation to the project and is willing to have it used in distributions and derivative works (or is willing to transfer ownership).
Prior to accepting your contributions we ask that you please follow the appropriate link below to digitally sign the CLA. The Corporate CLA is for those who are contributing as a member of an organization and the individual CLA is for those contributing as an individual.
License
Copyright (c) 2018 Atlassian and others. Apache 2.0 licensed, see LICENSE.txt file.
Keywords
FAQs
Envoy Proxy control-plane written in Python
We found that sovereign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025