Open Source Privileged Access Management
Privileged access is where the real risk concentrates - the admin accounts and root sessions that can change or destroy everything - so the point of a PAM system is less about granting access than recording and constraining it. The open source tools here put bastions, approval flows, and session recording in front of those accounts, and run inside your own perimeter, so the record of who touched what stays under your control rather than a provider's.
HashiCorp Vault
Secrets management, encryption as a service, and privileged access management
JumpServer
Open-source PAM and bastion host for browser access to SSH, RDP, Kubernetes, database, and RemoteApp endpoints
Infisical
Open-source secrets, certificate, and privileged access management for teams and infrastructure
Teleport
Identity-aware infrastructure access with short-lived certificates and audit across SSH, Kubernetes, databases, and RDP
Warpgate
Transparent SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL bastion with session recording
Pomerium
Identity-aware reverse proxy for clientless access to internal apps without a corporate VPN
Boundary
Identity-based access management for dynamic infrastructure with just-in-time access and session controls
Bastillion
Web-based bastion host for SSH console access, public key management, and administrative access control
ShellHub
Centralized SSH gateway for remotely accessing Linux devices with web, mobile, and native SSH clients