Teleport
Open Source | API
goteleport.com
Last updated: April 2026
Teleport is an open source identity-aware infrastructure access platform for SSH, Kubernetes, databases, and web apps with zero-trust and audit logging.
About
Teleport is an open source identity-aware infrastructure access platform that provides engineers with secure, audited access to Linux servers, Kubernetes clusters, databases, and internal web applications. Built on zero-trust principles, Teleport eliminates the need for VPNs, static credentials, and complex firewall rules by using certificate-based authentication and a programmatic access proxy.
The certificate-based authentication model is central to how Teleport secures infrastructure access. Rather than using static SSH keys or passwords, Teleport issues short-lived X.509 and SSH certificates to authenticated users. These certificates expire automatically (typically within hours), eliminating the security risk of long-lived credentials that are forgotten and never rotated. When a certificate expires, the user must re-authenticate to receive a new one.
Identity integration in Teleport connects to any SAML 2.0 or OIDC identity provider including Okta, Azure AD, Google Workspace, and others. Users authenticate using their corporate SSO credentials and MFA, and Teleport's access policies grant access to specific infrastructure resources based on the user's identity and role. This means the same onboarding and offboarding processes that manage application access also control infrastructure access.
Role-Based Access Control (RBAC) in Teleport is highly granular. Access policies can restrict which servers, databases, or Kubernetes namespaces each role can access, and can apply additional constraints such as requiring approval for access to production systems, restricting access to specific time windows, or requiring additional MFA factors for privileged operations.
The audit log in Teleport captures all access sessions with full playback capability. SSH sessions are recorded as text streams that can be replayed, showing every command executed and every output returned. Database sessions capture all queries. Kubernetes sessions capture all API server interactions. This comprehensive session recording provides the compliance evidence and incident investigation capability that security-conscious organizations require.
Teleport Application Access provides similar zero-trust access controls for internal web applications, enabling access to tools like Grafana, JIRA, or custom dashboards without exposing them to the public internet.
Teleport Machine ID enables automated pipelines, bots, and service accounts to authenticate to infrastructure using short-lived certificates, extending the zero-trust model to non-human access.
Positioning
Teleport is an open source infrastructure access platform that provides identity-based, zero-trust access to servers, Kubernetes clusters, databases, and internal web applications. Built by Gravitational, Teleport replaces VPNs, shared credentials, and bastion hosts with certificate-based authentication tied to short-lived identity certificates that expire automatically.
The platform implements the principle that infrastructure access should be identity-aware, auditable, and ephemeral. Every connection is authenticated against an identity provider, authorized by role-based policies, and recorded for compliance, with certificates that last hours rather than years, so a stolen credential cannot provide persistent access.
What You Get
- Unified Access Plane: Single gateway for SSH, Kubernetes, PostgreSQL, MySQL, MongoDB, Redis, Windows RDP, and internal web applications
- Certificate-Based Auth: Short-lived X.509 and SSH certificates issued after identity verification, eliminating static keys and long-lived credentials
- Session Recording: Full session capture for SSH, kubectl, database queries, and desktop sessions with structured audit events and replay capability
- Access Requests: Just-in-time privilege escalation with approval workflows via Slack, PagerDuty, or custom integrations for temporary elevated access
- Device Trust: Cryptographic device identity verification ensuring connections originate from enrolled, trusted hardware
- Machine ID: Service account access using the same certificate authority, providing CI/CD pipelines and automation with audited, expiring credentials
Core Areas
Server Access
SSH and RDP access management with automatic certificate rotation, session recording, and identity-based authorization
Kubernetes Access
Multi-cluster kubectl access with per-namespace RBAC, audit logging of every API request, and just-in-time access controls
Database Access
Protocol-aware proxying for PostgreSQL, MySQL, MongoDB, and other databases with query-level audit logging
Application Access
Reverse proxy for internal web applications and APIs with SSO integration and session-based access controls
Why It Matters
VPNs provide network access, not resource access — once inside the network, lateral movement is largely unrestricted. Teleport replaces this model with identity-based access where every connection to every resource is individually authenticated, authorized, and logged, implementing true zero trust at the infrastructure layer.
The open source core means organizations can audit the access control logic protecting their infrastructure, while short-lived certificates ensure that even if a credential is compromised, the window of exploitation is measured in hours rather than the months or years typical of SSH keys and database passwords.
Related
StrongDM
StrongDM is a zero-trust access management platform that provides secure, audited access to databases, servers, Kubernetes, and web applications.
Zitadel
Zitadel is an open source cloud-native identity and access management platform with SSO, MFA, and multi-tenancy for B2B and B2C applications.
Ory
Ory is an open source identity infrastructure platform providing authentication, authorization, and user management APIs built on zero-trust principles.