Elder

*

*Limited AGPL v3 with preamble for fair use - Personal and Internal Use Only

███████╗██╗     ██████╗ ███████╗██████╗
██╔════╝██║     ██╔══██╗██╔════╝██╔══██╗
█████╗  ██║     ██║  ██║█████╗  ██████╔╝
██╔══╝  ██║     ██║  ██║██╔══╝  ██╔══██╗
███████╗███████╗██████╔╝███████╗██║  ██║
╚══════╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝

Entity, Element, and Relationship Tracking System

Enterprise-grade infrastructure dependency tracking and visualization

Elder is a comprehensive entity, element, and relationship tracking system designed for modern infrastructure management. Track dependencies, visualize relationships, and maintain control across complex organizational structures.

🌐 Website | 📚 Documentation | 💬 Discussions

Overview

Elder provides visibility into your infrastructure and organizational relationships through:

• Entity Tracking: Datacenters, VPCs, Compute, Network, Storage, Security, and Applications
• Data Store Tracking: S3, GCS, Azure Blob, NAS, SAN, databases with compliance metadata
• Dependency Mapping: Visualize relationships between entities
• Organizational Hierarchy: Manage Company → Department → Team structures
• Unified IAM: Manage identities across AWS, Azure, GCP, Okta, LDAP with group management
• SSO Integration: SAML 2.0, OpenID Connect (OIDC), and SCIM 2.0 provisioning
• Secrets Management: Integrate with Vault, AWS Secrets Manager, GCP Secret Manager
• Network Topology: Track VPCs, subnets, peering, VPN connections
• Project Sync: Bi-directional sync with GitHub, GitLab, Jira, Trello, OpenProject
• Enterprise Features: Audit logging, RBAC, MFA, SSO, multi-tenant, license management

Screenshots

Login & Dashboard

Login

Dashboard

Asset Management

Organizations	Entities
Software	Services
Data Stores (v3.0.0)	Dependencies

Project Tracking

Projects

Issues

Security & Identity

Identity Center	Secrets Management
API Keys	Certificates

Discovery & Profile

Discovery

Profile

Key Features

Core Capabilities

• ✅ Multi-Entity Support: 8 entity categories with 30+ sub-types
• ✅ Hierarchical Organizations: Unlimited depth organizational structures
• ✅ Dependency Graphs: Visualize complex entity relationships
• ✅ Full RBAC: Role-based permissions with org-scoped access
• ✅ Multi-Auth: Local, SAML, OAuth2, OIDC, and LDAP authentication
• ✅ RESTful & gRPC APIs: Complete API coverage
• ✅ Audit Logging: Comprehensive audit trail for compliance

v3.0.0 Highlights (Latest)

• OpenID Connect (OIDC): Full OIDC support alongside SAML for SSO integration
• Data Stores Tracking: Track S3, GCS, Azure Blob, NAS, SAN, databases, and data lakes with compliance metadata (PII, PHI, PCI flags)
• Group Membership Management: Approval workflows, access requests, owner reviews, and multi-provider write-back (LDAP + Okta)
• Okta Connector: Full Okta identity provider with bidirectional sync and group management
• SCIM 2.0 Provisioning: Complete SCIM user provisioning with JIT provisioning support
• Enhanced Key Management: Improved crypto key schema with provider ARN, key types, and state tracking

v2.x Highlights

• Unified Identity Center: Single page for all identity types (Users, Groups, Service Accounts, API Keys)
• Multi-backend Secrets: HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, Infisical
• Network Topology: VPCs, Subnets, Firewalls, Load Balancers with connection mapping
• Project Sync: Bi-directional sync with GitHub, GitLab, Jira, Trello, OpenProject
• Cloud Connectors: AWS, GCP, Kubernetes, Google Workspace, LDAP, iBoss, vCenter, FleetDM
• SSL/TLS Certificate Management: Track certificates with expiration, renewal, and compliance
• Village ID System: Universal hierarchical identifiers for all resources

License Tiers

Elder uses a fair-use licensing model with the Limited AGPL v3 license:

• Personal & Internal Use: Free for individual and internal organizational use
• Commercial Use: Requires a commercial license from Penguin Tech Inc
• Modifications: Must be shared under the same license terms (AGPL)
• SaaS Deployment: Requires commercial license if providing Elder as a service

For commercial licensing inquiries: sales@penguintech.io

Quick Start

Prerequisites

• Docker & Docker Compose V2: Required for all services
• Python 3.12+: Backend API (included in Docker)
• Node.js 18+: Web UI build (included in Docker)
• PostgreSQL 17: Database (included in Docker Compose)
• Redis 7: Cache and session storage (included in Docker Compose)

Installation

# Clone the repository
git clone https://github.com/penguintechinc/elder.git
cd elder

# Run setup
make setup

# Edit configuration
nano .env

# Start development environment
make dev

Access the services:

• Elder Web UI: http://localhost:3005
• Elder API: http://localhost:4000
• API Docs: http://localhost:4000/api/docs

Docker Deployment

# Start all services
docker-compose up -d

# Check health
curl http://localhost:4000/healthz

Configuration

Key environment variables:

# Database (PyDAL supports PostgreSQL, MySQL, SQLite, Oracle, MSSQL)
DATABASE_URL=postgresql://elder:password@localhost:5432/elder

# Redis
REDIS_URL=redis://:password@localhost:6379/0

# Authentication
SAML_ENABLED=true
OIDC_ENABLED=true
OAUTH2_ENABLED=true
LDAP_ENABLED=true

# License (optional)
LICENSE_KEY=PENG-XXXX-XXXX-XXXX-XXXX-XXXX

# Admin User
ADMIN_USERNAME=admin
ADMIN_PASSWORD=change-me
ADMIN_EMAIL=admin@example.com

Architecture

┌─────────────────────────────────────────────────────────┐
│                    Client Layer                         │
│  React UI │ REST Clients │ gRPC Clients                 │
└─────────────────────────────────────────────────────────┘
                            │
┌─────────────────────────────────────────────────────────┐
│                   API Layer                             │
│  Flask REST │ gRPC Server │ WebSocket                   │
│  JWT Auth │ RBAC │ Rate Limiting                        │
└─────────────────────────────────────────────────────────┘
                            │
┌─────────────────────────────────────────────────────────┐
│                   Data Layer                            │
│  PyDAL (PostgreSQL, MySQL, SQLite, etc.)               │
│  Redis (Cache, Sessions)                                │
└─────────────────────────────────────────────────────────┘

Technology Stack

• Backend: Flask (Python 3.13), PyDAL
• Frontend: React, TypeScript, Vite, Tailwind CSS, ReactFlow
• Database: PostgreSQL (recommended), MySQL, SQLite, Oracle, MSSQL
• Cache: Redis / Valkey
• APIs: REST (OpenAPI 3.0), gRPC
• Auth: JWT, SAML, OIDC, OAuth2, LDAP, SCIM 2.0
• Connectors: AWS, GCP, Kubernetes, Okta, LDAP, vCenter, FleetDM, iBoss
• Monitoring: Prometheus, Grafana

Documentation

Document	Description
API Reference	REST & gRPC API documentation
Database Schema	Database structure and PyDAL usage
Sync Documentation	Project management sync setup
Backup Configuration	S3 backup setup
Usage Guide	User guide and workflows
Contributing	Contribution guidelines
Release Notes	Version history

Development

# Development
make dev              # Start postgres and redis
make dev-api          # Start Flask API
make dev-all          # Start all services

# Testing
make test             # Run all tests
make lint             # Run linters
make format           # Format code

# Docker
make docker-build     # Build Docker image
make docker-scan      # Scan for vulnerabilities

Security

• ✅ Multi-factor authentication
• ✅ Fine-grained RBAC with org-scoped permissions
• ✅ TLS 1.3 enforcement
• ✅ Input validation with PyDAL validators
• ✅ SQL injection prevention
• ✅ Audit logging
• ✅ Container scanning with Trivy

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

License

Elder is licensed under the Limited AGPL v3 with Fair Use Preamble. See LICENSE.md for details.

License Highlights:

• Personal & Internal Use: Free under AGPL-3.0
• Commercial Use: Requires commercial license
• SaaS Deployment: Requires commercial license if providing Elder as a service

Contributor Employer Exception (GPL-2.0 Grant)

Companies employing official contributors receive GPL-2.0 access to community features:

• Perpetual for Contributed Versions: GPL-2.0 rights to versions where the employee contributed remain valid permanently, even after the employee leaves the company
• Attribution Required: Employee must be credited in CONTRIBUTORS, AUTHORS, commit history, or release notes
• Future Versions: New versions released after employment ends require standard licensing
• Community Only: Enterprise features still require a commercial license

This exception rewards contributors by providing lasting fair use rights to their employers. See LICENSE.md for full terms.

Support

• Company Homepage: www.penguintech.io
• Documentation: docs.penguintech.io/elder
• Issues: GitHub Issues
• Email: support@penguintech.io

Default Login Credentials

For local development and testing, Elder creates a default admin user:

Field	Value
URL	http://localhost:3005
Email	admin@localhost
Password	admin123
Tenant	System (ID: 1)

Warning: Change the default password immediately in production environments by setting the ADMIN_PASSWORD environment variable before first startup.

---

Elder - Know Your Infrastructure, Understand Your Dependencies

© 2025 Penguin Tech Inc. All rights reserved.