How to set up Teleport for Kubernetes access?

Teleport proxies Kubernetes API requests by deploying agents in your clusters and configuring role-based access; follow the Kubernetes access guide to enable SSO, audit kubectl commands, and eliminate static tokens.

Teleport vs. HashiCorp Vault for secrets management?

Teleport focuses on certificate-based access to infrastructure (SSH, databases, etc.) with session auditing, while Vault is a secrets manager for credentials and encryption. They can complement each other, but Teleport doesn't store or rotate traditional secrets.

Does Teleport work with AWS or other cloud consoles?

Yes, Teleport can secure access to cloud provider consoles (AWS, Azure, GCP) by proxying web sessions and enforcing identity-based policies, allowing SSO integration and audit trails for console activities.

Can Teleport replace a traditional VPN?

Teleport provides zero-trust tunneling to specific resources without broad network access, making it a modern alternative to VPNs for targeted infrastructure access, but it may not suit all network-level use cases like site-to-site connectivity.

Is Teleport free for commercial use?

The open-source version is AGPL-licensed and free, but enterprise features (e.g., advanced RBAC, SSO connectors) require a paid plan; self-hosted deployments have compliance considerations due to mixed licensing.

How to integrate Teleport with Okta for SSO?

Configure Teleport as a SAML or OIDC service provider in Okta, map user attributes to Teleport roles, and enable Just-in-Time access requests; detailed steps are in the SSO documentation with provider-specific examples.

Open-Awesome

teleport

AGPL-3.0Gov18.7.2Self-Hosted

An identity-aware access proxy that provides secure connectivity, authentication, and audit for SSH, Kubernetes, databases, and web apps.

Visit Website GitHub

20.2k stars2.0k forks0 contributors

What is teleport?

Teleport is an open-source infrastructure access platform that provides secure connectivity, authentication, authorization, and audit logging for servers, Kubernetes clusters, databases, and internal applications. It replaces insecure practices like long-lived SSH keys, passwords, and VPNs with certificate-based authentication and a unified access proxy, enforcing zero-trust principles across hybrid and multi-cloud environments.

Target Audience

Platform engineers, DevOps teams, and security administrators managing access to distributed infrastructure across cloud and on-premises environments, particularly those seeking to eliminate credential sprawl and enforce least-privilege access.

Value Proposition

Developers choose Teleport for its comprehensive protocol support (SSH, Kubernetes, databases, RDP), elimination of long-lived secrets, seamless SSO integration, and detailed session auditing—all packaged as a single, scalable binary that simplifies infrastructure security without sacrificing usability.

Overview

The easiest, and most secure way to access and protect all of your infrastructure.

Use Cases

Best For

Replacing traditional SSH bastion hosts and VPNs with identity-aware access
Enforcing least-privilege and Just-in-Time (JIT) access for Kubernetes clusters
Securing database access (PostgreSQL, MySQL, MongoDB) without password sprawl
Centralizing audit logs for SSH, Kubernetes, and database sessions
Implementing single sign-on (SSO) for all infrastructure resources
Providing secure access to internal web applications behind firewalls

Not Ideal For

Teams relying exclusively on cloud provider IAM with no need for cross-protocol access unification
Organizations with simple, static infrastructure where SSH key management suffices and audit requirements are minimal
Environments requiring real-time, low-latency access without any proxy overhead (e.g., high-frequency trading systems)
Projects heavily invested in legacy PAM solutions with strict regulatory compliance that Teleport may not fully replace

Pros & Cons

Pros

Unified Protocol Support

Consolidates access for SSH, Kubernetes, databases, RDP, and web apps through a single proxy, eliminating tool sprawl as highlighted in the README's key features list.

Certificate-Based Authentication

Replaces long-lived passwords and SSH keys with short-lived, auto-expiring certificates for all protocols, enforcing zero-trust principles without credential rotation headaches.

Comprehensive Audit Logging

Records and audits activity across SSH, Kubernetes, database, and web sessions, providing detailed logs for compliance and security investigations as described in the features.

Seamless SSO Integration

Supports GitHub Auth, OpenID Connect, and SAML with providers like Okta, enabling single sign-on for all infrastructure resources without custom integration work.

Cons

Complex Initial Setup

Building from source requires multiple dependencies (Go, Rust, Node.js, libfido2) and careful configuration, making local development and deployment more involved than drop-in solutions.

Protocol and Ecosystem Gaps

Limited to supported protocols (e.g., no native SMB or legacy system access); custom or niche resources may require workarounds or fall outside Teleport's scope.

Operational Overhead

Running a self-hosted Teleport cluster adds management burden for updates, scaling, and troubleshooting compared to simpler access methods like SSH keys or managed VPNs.

Frequently Asked Questions

Related Projects

ssh chat

Chat over SSH.

Stars5,879

Forks429

Last commit3 months ago

whosthere

A ssh server that knows who you are. $ ssh whoami.filippo.io

Stars2,345

Forks109

Last commit8 days ago

ShellHub

:computer: Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing

:tophat: simple, fun and transparent SSH (and telnet) bastion server

Stars1,926

Forks139

Last commit9 days ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub