How does Warpgate handle Kubernetes access without a client wrapper?

Warpgate acts as a transparent proxy for Kubernetes API servers, allowing users to connect using standard kubectl with configured credentials, and it records all interactions for audit.

Warpgate or Teleport: which one should I choose for my team?

Warpgate is ideal if you prefer no custom client software and self-hosting, while Teleport offers more features like SaaS options but requires client wrappers. Consider your need for client transparency versus enterprise support.

How to configure session recording in Warpgate?

Session recording is enabled by default and stored in an SQLite database. You can configure storage paths and retention policies through the Warpgate setup process or admin UI.

Does Warpgate work with Active Directory for authentication?

Warpgate supports SSO via OpenID Connect, which can integrate with Active Directory using providers like Azure AD. However, native LDAP support is not mentioned in the core features.

Can I use Warpgate to access PostgreSQL databases securely?

Yes, Warpgate proxies PostgreSQL connections, providing authentication, access control, and full session recording for database queries and interactions.

How to deploy Warpgate in a Docker container?

Warpgate provides Docker deployment instructions in the 'Getting started on Docker' docs, including how to run the binary in a container with persistent storage for sessions.

What happens if the Warpgate service goes down?

Since Warpgate is a bastion host, its downtime would block access to all proxied services. For high availability, you'd need to set up multiple instances with load balancing, which isn't covered out-of-the-box.

Open-Awesome

Warpgate

Apache-2.0Rustv0.25.0Self-Hosted

A transparent SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL bastion host with built-in session recording and no client-side software required.

Visit Website GitHub

7.1k stars282 forks0 contributors

What is Warpgate?

Warpgate is an open-source bastion host and Privileged Access Management (PAM) solution that provides secure, audited access to internal services like SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL. It solves the problem of managing secure access to backend infrastructure without requiring custom client software or complex VPN setups. By acting as a transparent proxy, it enables precise user-to-service assignments with full session recording and built-in authentication.

Target Audience

System administrators, DevOps engineers, and security teams managing access to servers, databases, and Kubernetes clusters in production environments. It's ideal for organizations needing a self-hosted, auditable alternative to commercial PAM solutions.

Value Proposition

Developers choose Warpgate because it offers a transparent, client-software-free approach to bastion hosting with out-of-the-box 2FA, SSO, and session recording. Unlike traditional jump hosts or VPNs, it provides precise access control without sacrificing auditability, all packaged as a single Rust binary for easy deployment.

Overview

Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software

Use Cases

Best For

Securing SSH access to production servers with session recording
Providing audited HTTPS proxy access to internal web applications
Managing secure Kubernetes API server access without client wrappers
Controlling and monitoring database (MySQL/PostgreSQL) connections
Implementing a self-hosted PAM solution with 2FA and SSO
Replacing VPNs for precise service-level access in DMZ environments

Not Ideal For

Enterprises needing out-of-the-box LDAP/Active Directory integration without OpenID Connect setup
High-traffic environments where proxy latency and SQLite storage could become bottlenecks
Teams preferring fully managed SaaS PAM solutions to avoid self-hosting maintenance
Use cases requiring support for additional protocols like RDP or VNC

Pros & Cons

Pros

Client-Software-Free Access

Works with standard SSH, HTTPS, and database clients without any custom wrappers or plugins, as highlighted in the 'No custom client needed' comparison table.

Comprehensive Session Auditing

Records every session for live viewing and replay with command-level audit trails stored in SQLite, providing full visibility into user actions.

Built-in Authentication Features

Supports TOTP and OpenID Connect out of the box for 2FA and SSO, reducing the need for additional authentication setup.

Easy Deployment

Distributed as a single dependency-free binary written in Rust, making installation and setup straightforward with minimal dependencies.

Cons

Limited Protocol Support

Currently supports SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL, but lacks native support for other common protocols like RDP or VNC, which might require additional solutions.

Scalability Concerns

Uses SQLite for session storage by default, which may not be ideal for high-volume environments or distributed setups without manual database configuration.

Self-Hosted Maintenance

Being self-hosted means teams are responsible for updates, security patches, and infrastructure management, unlike SaaS alternatives that handle these automatically.

Open Source Alternative To

Warpgate is an open-source alternative to the following products:

Teleport

Teleport is an open-source infrastructure access platform that provides secure access to SSH servers, Kubernetes clusters, web applications, and databases.

Frequently Asked Questions

Related Projects

Sshwifty

Web SSH & Telnet (WebSSH & WebTelnet client) 🔮

Stars3,103

Forks398

Last commit17 days ago

Termix

Clientless web-based server management platform with SSH terminal, tunneling, and file editing capabilities. (Source Code) Apache-2.0 Docker

Secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. (Source Code) Apache-2.0 Elixir/Docker

ShellHub is a modern SSH server for remotely accessing linux devices via command line (using any SSH client) or web-based user interface, designed as an alternative to sshd. Think ShellHub as centralized SSH for the the edge and cloud computing

Stars0

Forks0

Last commit

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

Warpgate

Apache-2.0Rustv0.25.0Self-Hosted

A transparent SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL bastion host with built-in session recording and no client-side software required.

Visit Website GitHub

7.1k stars282 forks0 contributors

What is Warpgate?

Target Audience

Value Proposition

Overview

Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software

Use Cases

Best For

Securing SSH access to production servers with session recording
Providing audited HTTPS proxy access to internal web applications
Managing secure Kubernetes API server access without client wrappers
Controlling and monitoring database (MySQL/PostgreSQL) connections
Implementing a self-hosted PAM solution with 2FA and SSO
Replacing VPNs for precise service-level access in DMZ environments

Not Ideal For

Enterprises needing out-of-the-box LDAP/Active Directory integration without OpenID Connect setup
High-traffic environments where proxy latency and SQLite storage could become bottlenecks
Teams preferring fully managed SaaS PAM solutions to avoid self-hosting maintenance
Use cases requiring support for additional protocols like RDP or VNC

Pros & Cons

Pros

Client-Software-Free Access

Works with standard SSH, HTTPS, and database clients without any custom wrappers or plugins, as highlighted in the 'No custom client needed' comparison table.

Comprehensive Session Auditing

Records every session for live viewing and replay with command-level audit trails stored in SQLite, providing full visibility into user actions.

Built-in Authentication Features

Supports TOTP and OpenID Connect out of the box for 2FA and SSO, reducing the need for additional authentication setup.

Easy Deployment

Distributed as a single dependency-free binary written in Rust, making installation and setup straightforward with minimal dependencies.

Cons

Limited Protocol Support

Currently supports SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL, but lacks native support for other common protocols like RDP or VNC, which might require additional solutions.

Scalability Concerns

Uses SQLite for session storage by default, which may not be ideal for high-volume environments or distributed setups without manual database configuration.

Self-Hosted Maintenance

Being self-hosted means teams are responsible for updates, security patches, and infrastructure management, unlike SaaS alternatives that handle these automatically.

Open Source Alternative To

Warpgate is an open-source alternative to the following products:

Teleport

Teleport is an open-source infrastructure access platform that provides secure access to SSH servers, Kubernetes clusters, web applications, and databases.

Frequently Asked Questions

Related Projects

Sshwifty

Web SSH & Telnet (WebSSH & WebTelnet client) 🔮

Stars3,103

Forks398

Last commit17 days ago

Termix

Clientless web-based server management platform with SSH terminal, tunneling, and file editing capabilities. (Source Code) Apache-2.0 Docker

Secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. (Source Code) Apache-2.0 Elixir/Docker

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub