// the find
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.
Teleport is a unified access plane for infrastructure: SSH, Kubernetes, databases, RDP, and internal web apps all go through a single identity-aware proxy that issues short-lived certificates instead of managing keys or passwords. It's aimed at teams who want to kill their VPN and bastion host setup and get real audit trails in return. At 20k stars and actively shipping (v18.x), it's not experimental.
Certificate-based auth with automatic expiry across every protocol it touches means no key rotation ceremonies, no shared credentials sitting in ~/.ssh/authorized_keys on fifty servers. The JIT access request flow is genuinely well thought out: users request elevated roles, policies decide whether approval is required, and the privilege window closes automatically — no manual cleanup step that someone forgets. Session recording works across SSH, kubectl exec, database queries, and RDP in a consistent way, which is hard to achieve with per-protocol bolt-ons. The single-binary distribution model means the agent you push to a server is self-contained — no runtime dependencies to manage on the target host.
The build chain is a warning sign: you need Go, Rust, Node.js, and libfido2 to compile from source. The Rust dependency is buried in native cryptographic code and not well-explained in the README. AGPL-3.0 applies to everything outside /api — if you fork and self-host a modified version commercially, you're obligated to open-source your changes, which rules it out for plenty of internal tooling use cases without a commercial license. The community vs. enterprise feature boundary is genuinely murky; device trust, some RBAC policy features, and external audit storage are enterprise-only, and you often discover this after you've already designed around them. Self-hosting the full cluster (auth service, proxy service, agents everywhere) is operationally non-trivial, and the documentation, while extensive, assumes a lot about your existing infrastructure knowledge.