Lane7 Blueprints Documentation

Welcome to the official documentation for Hopr Lane7 Blueprints - simple and fast Kubernetes deployment packages for building application networks that are "secure by default". Lane7 Blueprints are powered by Hopr's Workload Security Proxy (WoSP).

What are Lane7 Blueprints?

Lane7 Blueprints are pre-configured, production-ready Kubernetes deployments that leverage Hopr's proprietary WoSP technologies for true Zero Trust application networks that are protected by an Automated Moving Target Defense (AMTD). The defense rigorously protects access to each pod and their data traffic with other pods in the network. Each blueprint is a complete, working application network with customizable apps to satisfy a variety of use cases and your own business logic.

New to Lane7?

Start with our Quick Start Guide to deploy your first privacy-preserving application network in minutes.

Key Features

• Security First

  ---

  WoSP sidecars ensure Zero Trust identity verification and secure communication using proven post-quantum cryptography

• Kubernetes Native

  ---

  Deploy with standard kubectl apply - works on any K8s cluster (local or cloud)

• Production Ready

  ---

  Battle-tested configurations with monitoring, logging, and security best practices built-in

• Fully Customizable App

  ---

  Well-documented Python codebase designed for easy replacement of business logic without affecting networking and comms

Quick Start

# 1. Obtain your blueprint package
# Visit https://hopr.co/lane7-blueprints#L7-catalog, select a free or paid blueprint, complete verification, and download

# 2. Extract and review the bluepring bundle. (a Free Bi-Pod Blueprint is use as an example)
unzip hopr-free-bi-pod-#########.zip
cd bi-pod-blueprint

# 3. Locate any pod-# subdirectory and view the 02-secrets-pod-#.yaml to see your Hopr credentials
pod-1/02-secrets-pod-1.yaml

# your HOPR_LICENSE, HOPR_KEY, HOPR_API_TOKEN, and registry credentials are ready for deployment

# 4. Deploy both pods to your Kubernetes cluster
kubectl apply -f pod-1/ -f pod-2

# 5. Verify deployment
kubectl get pods -A  # confirms the pods are running with 3 containers
kubectl logs -n web-app-1 -l app=web-app-pod-1 -c web-app --follow

What You'll Learn

This documentation covers:

• Getting Started - Installation, prerequisites, first deployment
• Core Concepts - WoSP networking, privacy architecture, Hopr's technology
• Blueprint Patterns - Descriptions of the basic blueprints and their components
• Configuration - Manifests, secrets, customization options
• Deployment - Local (K3d), cloud (GKE/EKS/AKS), and multi-pod setups
• Troubleshooting - How to identify and solve common issues that confront users
• Developer Guide - Modifying application logic, testing, debugging

Blueprint Pod Architecture

Blueprints include the manifests necessary to deploy Kubernetes pods. Each pod has a common architecture among its three (3) containers: web-app, xtra-wasm, and web-retriever.

flowchart LR
    subgraph Pod["Pod Internal Architecture"]
        direction TB

        subgraph Containers["Three Containers"]
            direction LR

            WoSP["<b>xtra-wasm</b><br/>━━━━━━━<br/>Envoy + WoSP<br/>IN: 18000<br/>OUT: 18001+"]
            App["<b>web-app</b><br/>━━━━━━━<br/>Python App<br/>Port: 8000"]
            WR["<b>web-retriever</b><br/>━━━━━━━<br/>HTTP Transform<br/>Port: 8080"]
        end

        Secrets[("Secrets<br/>HOPR creds")]
    end

    ExtIn[("Incoming<br/>from other pods")] ==>|":18000"| WoSP
    WoSP ==>|"localhost:8000"| App
    App ==>|"localhost:18001"| WoSP
    WoSP ==>|":18001+"| ExtOut[("Outgoing<br/>to other pods")]

    WR -.->|"elements"| WoSP
    Secrets -.->|"env vars"| WoSP

    style Pod fill:#f5f5f5,stroke:#424242,stroke-width:3px
    style Containers fill:#fff,stroke:#666,stroke-width:2px
    style WoSP fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#fff
    style App fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#fff
    style WR fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#fff
    style Secrets fill:#CE93D8,stroke:#6A1B9A,stroke-width:2px
    style ExtIn fill:#9E9E9E,stroke:#424242,stroke-width:2px
    style ExtOut fill:#9E9E9E,stroke:#424242,stroke-width:2px

Each blueprint includes:

• Application - Python-based application with customizable business logic
• Dockerfile - The file necessary to containerize the app for use in Kubernetes
• Kubernetes Mnaifests - Pre-configured namespace, secrets, and deployment yamls
• Hopr License & Credentials - Preconfigured in the blueprint secrets yaml
• Documentation - Deployment, Implementation, and README guides

How WoSP Differs from Traditional Networking

Traditional pod-to-pod communication exposes IP addresses and metadata. WoSP (Workload Security Proxy) provides:

• Reduced Dependency on Central Services - No complexity from external PKI, TLS, CAs, Key managers or secrets managers
• Ephemeral Access Credentials - Identity and secret credentials are rotated (hopped) at a high frequency
• Zero Trust Authorization - Workload (pod) access authorization is defined in blueprint patterns and MAID credentials are verified for trust frequently
• Authentication Without Key Exchange - Pod-to-pod communications are end-to-end encrypted without a key exchange. Only trusted pods can connect with each other.

Who Should Use Lane7 Blueprints?

• Developers learning privacy-preserving architectures
• DevOps and Platform Engineers frustrated with the friction and complexity of deploying secure applications
• Enterprises requiring confidential inter-service communication
• Researchers exploring secure application layer networking
• SaaS Providers building privacy-focused applications
• Agentic AI Providers building automated AI systems authorized to act for humans
• Government Contractors with strict data isolation and data soveriegnty requirements

Support & Resources

• Technical Documentation: You're reading it!
• Blueprint Catalog Access: Lane7 Catalog
• Technical Support: support@hopr.co
• Sales & Licensing: sales@hopr.co
• GitLab Docs Repository: GitLab Issues

License & Export Controls

Important Legal Information

Free Blueprints: Licensed under the Hopr.co Free Blueprint EULA for non-commercial use within the United States only. Users must pass Treasury CSL screening.

Paid Blueprints: Licensed under the Hopr.co Paid Blueprint EULA for commercial use within the United States only. Includes Know Your Customer business verification and export control compliance checking.

See License Terms for complete details.

Patent & Proprietary Technology

Lane7 Blueprints utilize Hopr Corporation's patented technologies and protocols, Codes Hidden in Plain Sight (CHIPS™), Machine Alias ID (MAID™), and Synchronous Ephemeral Encryption (SEE™). This documentation and associated code are proprietary intellectual property.

Copyright © 2024-2025 Hopr Corporation. All rights reserved.

---

Get Started

Request a Free Blueprint

Learn More

Read Documentation

Contact Sales

Enterprise Licensing

---

Recent Updates

• January 2026: Initial Lane7 Blueprints documentation published
• December 2025: Quad-pod Fan-Out-In blueprint released
• December 2025: Bi-pod Blueprint released

View Full Changelog