Identity-based access management for dynamic infrastructure with just-in-time access and session controls
- Stars: 4k
- Forks: 310
- Open Issues: 161
Other
- Go
- PLpgSQL
- HCL

About Boundary
Boundary is an identity-aware proxy for accessing hosts and critical systems on a network. It provides a way to sign in with an IdP, control who can reach resources, and manage privileged sessions without installing software on every host.
It uses a controller and workers to serve the API and handle sessions. Boundary can provide just-in-time network access, manage session credentials through a native static credential store or with HashiCorp Vault, and automate discovery of new endpoints. A desktop client and CLI are available for requesting and establishing authorized sessions.
Boundary can run in clouds, on-prem, secure enclaves, and more. It requires a SQL database (PostgreSQL is supported) and at least one KMS, which can be any cloud KMS or the Vault Transit Secrets Engine. Boundary is available as a server binary and desktop clients. The main branch is not intended for long-term use.
Key features
- OpenID Connect sign-in with your IdP
- Just-in-time network access to resources
- Native static credential store or Vault-based dynamic credentials
- Session controls for privileged access
- Desktop client and CLI for authorized sessions
Details
- First released: 2020
- Self-hosting: Cloud, on-prem, secure enclaves
- Database: PostgreSQL 12+
- KMS: Cloud KMS or Vault Transit
- Clients: Desktop client · CLI
- Architecture: Controller · Workers
