Identity-aware infrastructure access with short-lived certificates and audit across SSH, Kubernetes, databases, and RDP
- Stars20.5k
- Forks2.1k
- Open Issues3.5k
AGPL-3.0
- Go
- TypeScript
- C
About Teleport
Teleport is an infrastructure access platform for connectivity, authentication, access controls, and audit. It provides one identity and access layer for cloud and on-prem infrastructure, covering human users and workloads. It protects SSH servers, Kubernetes clusters, databases, Windows desktops, web apps, cloud APIs, Git repositories, and MCP servers without long-lived keys or passwords.
Teleport includes an identity-aware access proxy, a CA for short-lived certificates, unified RBAC and ABAC, and tunnels for resources behind NATs and firewalls without VPNs or bastion hosts. It supports SSO via GitHub Auth, OpenID Connect, or SAML, MFA, JIT access requests, session sharing, and recording across SSH, Kubernetes, database, RDP, and web sessions.
Teleport runs as a single Go binary with a TypeScript web UI. It can run as a Linux daemon, on Kubernetes, or in Docker. Teleport Enterprise Cloud is available as a managed deployment.
Key features
- SSO for cloud and on-prem infrastructure
- Short-lived certificate auth without shared SSH keys
- Access to SSH, Kubernetes, databases, RDP, web apps, and cloud APIs
- Tunnels to resources behind NATs and firewalls without VPNs
- Session recording and audit across SSH, Kubernetes, database, RDP, and web
Details
- First released
- 2015
- Self-hosting
- Linux daemon · Kubernetes · Docker
- Cloud
- Teleport Enterprise Cloud
- Authentication
- Short-lived certificates
- SSO
- GitHub Auth · OIDC · SAML
- Access control
- RBAC · ABAC · JIT requests