Signed. Sealed. Verifiable.

Identity infrastructure built like bonded bourbon: proven, traceable, trusted.

Cask Trust is an open source trust stack for organizations that need strong identity, secure certificate issuance, resilient naming, and modern access control without vendor lock-in.

Explore Products For Developers
Cask Trust emblem

The Suite

One chain of trust, six production-grade services

CaskDS

LDAP directory service with Kerberos support for authoritative identity and policy.

CaskCA

Feature-rich, highly secure certificate authority with auditable issuance workflows.

CaskDNS

Full-featured DNS authoritative nameserver plus recursive resolver for reliable name services.

CaskSSO

Single sign-on platform supporting SAML, OAuth/OIDC, RADIUS, and TACACS+.

CaskMDM

Mobile device management for secure enrollment, policy enforcement, and lifecycle control.

CaskManager

Unified web management for operating, monitoring, and scaling all Cask services.

Why Cask Trust

From Bottled-in-Bond bourbon to modern digital trust

In the 19th century, bourbon could be altered at any stage before it reached the customer. The 1897 Bottled-in-Bond Act changed that by enforcing provenance, custody, and verification. A sealed and stamped bottle became a trustworthy artifact.

Cask Trust applies the same principle to identity systems. Every service in the stack contributes to an auditable chain of trust: directory, certificates, DNS, Kerberos realm, and access control, operated as one coherent platform.

Built In The Open

Designed for operators and contributors

For users

  • Integrated trust services that work together as one auditable platform.
  • Modular components that can be adopted incrementally.
  • Secure defaults focused on least privilege and observability.

For developers

  • Open source foundations with transparent architecture.
  • Clear service boundaries for testing and contribution.
  • Pragmatic workflows for extending identity and trust capabilities.