# gravitational/teleport

19,863 stars · 1,993 forks · Go · agpl-3.0

## Links

- GitHub: https://github.com/gravitational/teleport
- Homepage: https://goteleport.com
- awesome-repositories: https://awesome-repositories.com/repository/gravitational-teleport.md

## Topics

`audit` `bastion` `certificate` `cluster` `database-access` `firewall` `firewalls` `go` `golang` `jumpserver` `kubernetes` `kubernetes-access` `pam` `postgres` `rbac` `rdp` `security` `ssh` `teleport` `teleport-binaries`

## Description

Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure.

The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways and identity-aware proxies, ensuring that every interaction is authenticated, authorized, and recorded. By automating the lifecycle of ephemeral credentials and providing comprehensive session recording, it enables organizations to maintain a searchable audit trail across heterogeneous, multi-cloud, and on-premises environments.

Beyond core connectivity, the system provides extensive tooling for infrastructure governance, including automated access request workflows, device trust verification, and machine identity management for automated workloads. It supports broad observability through real-time audit event streaming, risk analysis, and health monitoring, ensuring consistent security policies are applied to both human users and autonomous agents.

The platform is deployed via lightweight access agents installed on remote resources, which establish secure outbound connections to the management cluster to bypass complex network configurations.

## Tags

### Security & Cryptography

- [Zero Trust Access](https://awesome-repositories.com/f/security-cryptography/zero-trust-access.md) — Provides identity-based, least-privileged access to infrastructure resources without relying on static credentials. ([source](https://goteleport.com/docs/feature-matrix/))
- [Authentication Gateways](https://awesome-repositories.com/f/security-cryptography/authentication-gateways.md) — A centralized control plane that consolidates authentication and authorization workflows across distributed, multi-cloud, and on-premises environments.
- [Identity-Aware Proxies](https://awesome-repositories.com/f/security-cryptography/identity-aware-proxies.md) — A secure connectivity layer that replaces traditional VPNs by routing traffic through identity-verified tunnels to internal applications and resources.
- [Federated Access](https://awesome-repositories.com/f/security-cryptography/zero-trust-access-controls/federated-access.md) — The platform establishes trust between independent clusters to allow users to access resources across multiple environments through a single authentication point. ([source](https://goteleport.com/docs/reference/architecture/))
- [Access Auditing](https://awesome-repositories.com/f/security-cryptography/access-auditing.md) — The platform records and logs detailed events for all infrastructure interactions to provide a comprehensive trail of user and machine activity. ([source](https://goteleport.com/docs/reference/))
- [Credential Lifecycle Management](https://awesome-repositories.com/f/security-cryptography/credential-lifecycle-management.md) — Automates the issuance, rotation, and expiration of short-lived digital identities to eliminate standing access and long-term secret exposure.
- [Mutual Authentication](https://awesome-repositories.com/f/security-cryptography/mutual-authentication.md) — Requires mutual identity verification between clients and servers using cryptographic certificates for all communications. ([source](https://goteleport.com/learn/))
- [Privileged Access Management](https://awesome-repositories.com/f/security-cryptography/privileged-access-management.md) — A security solution that enforces role-based access controls, session recording, and audit logging for sensitive infrastructure and administrative tasks.
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Enforces granular authorization policies by mapping external identity provider claims to specific infrastructure permissions and ephemeral user privileges.
- [Ephemeral Certificate Issuance](https://awesome-repositories.com/f/security-cryptography/certificate-issuance-utilities/ephemeral-certificate-issuance.md) — The platform generates digital credentials with brief validity periods that automatically expire to reduce the risk of unauthorized access from compromised or stolen secrets. ([source](https://goteleport.com/docs/reference/architecture/))
- [Access Request Orchestrators](https://awesome-repositories.com/f/security-cryptography/data-access-governance/access-request-orchestrators.md) — Automates the lifecycle of infrastructure access requests through approval routing and role-based policy enforcement. ([source](https://goteleport.com/docs/feature-matrix/))
- [Audit and Compliance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/audit-and-compliance.md) — Records detailed session logs and system events across distributed environments to maintain a searchable trail for security monitoring.
- [Mutual TLS Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/machine-and-protocol-identity/specialized-authentication-protocols/mutual-tls-authentication.md) — Terminates and inspects encrypted traffic at the edge to enforce identity verification and security policies between clients and internal services.
- [Security Monitoring](https://awesome-repositories.com/f/security-cryptography/identity-and-access-management-servers/security-monitoring.md) — The platform analyzes access patterns and infrastructure configurations to detect vulnerabilities and anomalous behavior across human and machine identities. ([source](https://goteleport.com/docs/feature-matrix/))
- [Identity Federation Providers](https://awesome-repositories.com/f/security-cryptography/identity-federation-providers.md) — The platform connects to existing identity providers to issue short-lived certificates or act as a service provider for secure application access. ([source](https://cdn.jsdelivr.net/gh/gravitational/teleport@master/README.md))
- [Just-in-Time Access](https://awesome-repositories.com/f/security-cryptography/just-in-time-access.md) — Grants temporary, time-limited infrastructure permissions that automatically expire to minimize standing access risks. ([source](https://goteleport.com/))
- [Machine Identity](https://awesome-repositories.com/f/security-cryptography/machine-identity.md) — The platform automates the lifecycle of credentials for services and bots to enable secure, identity-based access for workloads and continuous integration pipelines. ([source](https://goteleport.com/docs/reference/architecture/))
- [Single Sign-On Solutions](https://awesome-repositories.com/f/security-cryptography/single-sign-on-solutions.md) — The platform consolidates user authentication across multiple applications by connecting to centralized identity providers to simplify access management and improve security. ([source](https://goteleport.com/learn/))
- [Database Identity Mapping](https://awesome-repositories.com/f/security-cryptography/access-provisioning/embedded-user-provisioning/database-identity-mapping.md) — Eliminates shared database accounts by automatically mapping users to individual database identities upon connection. ([source](https://goteleport.com/docs/enroll-resources/database-access/))
- [Passwordless Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/standard-web-authentication-schemes/passwordless-authentication.md) — The platform verifies user identity using hardware keys and cryptographic tokens to eliminate the need for traditional passwords during the login process. ([source](https://goteleport.com/docs/feature-matrix/))
- [Kubernetes Security](https://awesome-repositories.com/f/security-cryptography/kubernetes-security.md) — Manages unified authentication and role-based access control for multiple Kubernetes clusters through a centralized identity-aware gateway.
- [Policy-Based Access Control](https://awesome-repositories.com/f/security-cryptography/policy-based-access-control.md) — Enforces granular security permissions and access restrictions based on centralized role-based authorization policies. ([source](https://goteleport.com/docs/enroll-resources/desktop-access/introduction/))
- [Inline Risk Analysis](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-analysis-tools/inline-risk-analysis.md) — The platform identifies over-privileged users and detects security risks like exposed keys to maintain a secure access posture. ([source](https://goteleport.com/docs/))
- [Secure Web Gateways](https://awesome-repositories.com/f/security-cryptography/web-application-security/secure-web-gateways.md) — Exposes internal web applications through a secure gateway using unique subdomains and automated certificate management. ([source](https://goteleport.com/docs/enroll-resources/application-access/introduction/))
- [CLI Authentication](https://awesome-repositories.com/f/security-cryptography/cli-authentication.md) — Generates short-lived certificates for secure, identity-based authentication during command-line interface operations. ([source](https://goteleport.com/docs/enroll-resources/application-access/introduction/))
- [Multi-Factor Authentication](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication.md) — Enforces secondary identity verification requirements for all infrastructure access requests. ([source](https://goteleport.com/docs/admin-guides/deploy-a-cluster/linux-demo))
- [Secure Remote Access](https://awesome-repositories.com/f/security-cryptography/secure-remote-access.md) — Establishes encrypted, identity-verified tunnels for secure remote access to servers and databases. ([source](http://goteleport.com/download))
- [AI Agent Security](https://awesome-repositories.com/f/security-cryptography/ai-agent-security.md) — Provides secure, audited access controls for autonomous agents interacting with infrastructure and databases. ([source](https://goteleport.com/docs/))
- [Biometric Authentication](https://awesome-repositories.com/f/security-cryptography/biometric-authentication.md) — The platform verifies user identity using biometric hardware to enable secure, passwordless login flows for protected infrastructure and applications. ([source](https://goteleport.com/docs/))
- [Trust Verification](https://awesome-repositories.com/f/security-cryptography/trust-verification.md) — Validates device integrity and hardware authorization before granting access to protected infrastructure resources. ([source](https://goteleport.com/docs/))

### Networking & Communication

- [Remote Access](https://awesome-repositories.com/f/networking-communication/remote-access.md) — Provides unified access to remote server resources through web-based terminals or command-line interfaces to manage distributed environments from any location. ([source](https://goteleport.com/docs/admin-guides/deploy-a-cluster/linux-demo/))
- [Identity-Based Tunnels](https://awesome-repositories.com/f/networking-communication/vpn-controllers/identity-based-tunnels.md) — Connects users to remote infrastructure through identity-based tunnels to remove the complexity and security risks of traditional VPNs. ([source](https://goteleport.com/))
- [Remote Access Clients](https://awesome-repositories.com/f/networking-communication/remote-access-clients.md) — Provides command-line and desktop utilities to authenticate users and manage secure connections to remote infrastructure resources. ([source](https://goteleport.com/download/))
- [Reverse Tunnels](https://awesome-repositories.com/f/networking-communication/reverse-tunnels.md) — Establishes secure outbound connections from private resources to a central control plane to bypass complex firewall and network configurations.
- [Host Networking Services](https://awesome-repositories.com/f/networking-communication/host-networking-services.md) — The platform runs authentication and proxy services within isolated containers to manage secure connectivity for servers, databases, and applications. ([source](https://goteleport.com/docs/installation/docker/))

### Development Tools & Productivity

- [Infrastructure](https://awesome-repositories.com/f/development-tools-productivity/macro-recorders/session-recorders/infrastructure.md) — The platform captures interactive session activity and protocol-level events across infrastructure resources to provide a comprehensive audit trail for compliance. ([source](https://goteleport.com/docs/feature-matrix/))

### DevOps & Infrastructure

- [Self-Hosted Infrastructure Platforms](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-infrastructure-platforms.md) — Sets up centralized management infrastructure to coordinate identity verification, audit logging, and unified access control across distributed environments. ([source](https://goteleport.com/download))
- [Deployment Agents](https://awesome-repositories.com/f/devops-infrastructure/deployment-agents.md) — Installs lightweight services on remote servers or databases to establish secure, identity-based connectivity and enforce access policies. ([source](https://goteleport.com/download))
- [Kubernetes Cluster Management](https://awesome-repositories.com/f/devops-infrastructure/kubernetes-cluster-management.md) — Connects Kubernetes clusters to a centralized management plane through automated discovery or manual agent deployment across various environments. ([source](https://goteleport.com/docs/enroll-resources/kubernetes-access/introduction/))
- [Cluster Configuration Management](https://awesome-repositories.com/f/devops-infrastructure/cluster-configuration-management.md) — Maintains dynamic resources including user roles, local accounts, and infrastructure definitions in a centralized registry. ([source](https://goteleport.com/docs/reference/architecture/))
- [Infrastructure Automation](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-automation.md) — Manages access resources and infrastructure state using command-line tools or configuration files to ensure consistent security policies across the environment. ([source](https://goteleport.com/docs/reference/))
- [Infrastructure Discovery Tools](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-discovery-tools.md) — Automatically scans and enrolls infrastructure components like servers, databases, and clusters into the centralized access management system. ([source](https://goteleport.com/docs/))

### System Administration & Monitoring

- [Audit Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/audit-logging-systems.md) — Captures and centralizes session logs, command execution, and system events across heterogeneous environments into a unified, searchable audit trail.

### Data & Databases

- [Database Registration](https://awesome-repositories.com/f/data-databases/database-management-systems/database-engines/cloud-native-databases/database-registration.md) — Identifies and enrolls cloud-hosted or local databases into the access system without requiring service redeployment. ([source](https://goteleport.com/docs/enroll-resources/database-access/))
