Koios
Now in private beta

The infrastructure layer your devices are missing.

Edge-native PKI. Staged OTA rollouts. Live log streaming. Fleet telemetry on constrained devices. Koios is the operations layer between your firmware and your fleet.

Start DeployingTalk to an Engineer
Device observability terminal iconDevice Identity

Edge-Native PKI

Issue, rotate, and revoke device certificates — backed by HSMs, not hope.

Every device in your fleet gets a real X.509 certificate, issued from a chain of trust you control, authenticated with mutual TLS, and backed by keys that live in hardware security modules.

  • HSM-backed Key Encryption Keys
  • Bring Your Own CA or Managed CA
  • mTLS device authentication
  • Automated certificate lifecycle
  • Bulk factory provisioning
  • CRL/OCSP revocation
Koios PKI pki.koios.sh
Device observability terminal iconFirmware Delivery

OTA That Doesn't Brick Your Fleet

Canary → Staging → Production. Roll back in seconds if something breaks.

Define rollout rings and promote firmware through them as confidence builds. Health-check criteria gate every stage. If a canary device reports issues, the rollout pauses automatically.

  • Configurable rollout rings
  • Health-gated promotion
  • Automatic rollback
  • Encrypted firmware storage
  • Delta updates for bandwidth savings
  • CI/CD pipeline integration
v2.4.0 fota_signed.bin CANARY0/3STAGING0/20PRODUCTION0/200
Device observability terminal iconObservability

See Inside Every Device

Memory usage, stack depth, heap fragmentation — from 5,000 miles away.

Real-time and historical telemetry from every device in your fleet, including constrained microcontrollers. Fleet-wide aggregation with per-device drill-down.

  • Memory and CPU telemetry
  • Reboot reason classification
  • Custom application metrics
  • Fleet-wide aggregation
  • Threshold-based alerting
  • Lightweight MCU agent
Fleet Overview — 1,247 devices HEAP FREE 8KB WATERMARK 24KB CPU LOAD 26% DEVICE FW HEAP STATUS esp32-a4f8v2.3.138KBonlinestm32-b7c2v2.3.012KBonlinenrf91-d3e1v2.3.18KBwarningesp32-f9a0v2.2.82KBcritical
Device observability terminal iconLogging

Stop Shipping USB Cables

Stream logs from devices with kilobytes of RAM. Search, filter, alert in real time.

Structured log delivery from every device — even the ones running on a few kilobytes of RAM. Full-text search, severity filtering, and deployment correlation across your entire fleet.

  • Real-time log tailing
  • Structured key-value logging
  • Full-text search via OpenObserve
  • Automatic device context tagging
  • Deployment correlation
  • Configurable retention policies
koios logs tail --device esp32-a4f8

What you'd build yourself — if you had six months and an infrastructure team

Most IoT teams duct-tape five services together. Koios replaces the patchwork.

Device Identity icon Device Identity
Shared API keys or self-managed CA
HSM-backed PKI with BYOCA and mTLS
Firmware Updates icon Firmware Updates
Custom OTA server, no rollback
Staged rollout rings, health gates, auto-rollback
Log Collection icon Log Collection
MQTT → broker → ELK/Loki
Direct log streaming to managed OpenObserve
Device Monitoring icon Device Monitoring
Custom telemetry pipeline or nothing
Built-in memory, CPU, and resource telemetry
Certificate Rotation icon Certificate Rotation
Manual, if at all
Automated lifecycle with expiry alerts
Factory Provisioning icon Factory Provisioning
Scripts and spreadsheets
API-driven batch provisioning with audit trail

Security isn't a feature. It's the architecture.

Built on infrastructure you already trust. Every byte encrypted at rest and in transit. Keys stored in dedicated HSMs. We don't sell your data. Full stop.

AES-256 encryption icon

AES-256 at Rest

All data encrypted in storage

mTLS certificate chain icon

mTLS in Transit

Mutual authentication on every connection

HSM key storage icon

HSM Key Storage

Keys never exist in plaintext

SOC 2 audit icon

SOC 2 In Progress

Type II audit underway

Your devices are waiting.

Create a free account and deploy your first device in under ten minutes. No credit card required. No sales call. Just the docs, the API, and a dashboard that shows you exactly what your devices are doing.

Get Started FreeRead the Docs