What’s New in Teleport 11

It’s the news everyone’s been waiting for: Teleport’s version 11 release!

This release is packed with features from SFTP support all the way to GitHub Actions Machine ID compatibility.

Let’s dive in!

Hardware-Backed Private Keys

On the client side (those using tsh or Connect) Teleport 11 now includes support for storing your private key material on Yubikey devices instead of directly on the filesystem. This helps Teleport be even more secure and resilient to credential attacks like exfiltration hacks..

Check out our guide here to see how to enable it today!

Availability: Teleport 11.0 - Teleport Enterprise edition only, limited to Server Access

SFTP Protocol Support

In the interest of forward-thinking security standards, Teleport 11 adds server-side support for SFTP protocol, eliminating the need to use the less secure SCP protocol when transferring files. This is particularly useful when using IDE’s such as VSCode, or the Jetbrains suite of tools: such as Pycharm, GoLand etc. which all use SFTP for browsing, copying, and editing files on remote systems.

To start using IDE’s to connect to remote machines using Teleport, check out our guides here:

• https://goteleport.com/docs/server-access/guides/vscode/
• https://goteleport.com/docs/server-access/guides/jetbrains-sftp/

Additionally Teleport 11 clients will use SFTP protocol for file transfer under the hood, without any need for manual configuration. But don’t worry! Server-side scp is still supported so existing clients aren’t affected and will continue to work as expected when transferring files between Teleport- managed resources.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

Helm Charts Persistent Storage

Teleport services and Teleport- managed Kubernetes resources will now store their identities in Kubernetes Secrets, completely removing the need for persistent storage use or static join tokens. This also means that Teleport 11 users no longer need to use persistent storage when deploying helm charts.

If you currently have an existing Teleport Kubernetes deployment, this change involves migration fro m Deployment to StatefulSet which is performed automatically during Helm upgrade to Teleport 11.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

EKS/AKS Auto-Discovery

Tired of manually adding EKS and AKS clusters to your Teleport host? You’re in luck! Teleport 11 now adds support for automatic discovery and enrollment of AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) clusters.

If you’re already familiar with Teleport’s auto discovery of SSH hosts, it’s the same concept. Simply add a label to the Kubernetes resource and the Teleport host cluster will automatically onboard those resources to the cluster, allowing you to scale up and down K8’s resources without the need for hefty manual configuration.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

Expanded Azure Integration and Support

If you heavily use Azure, Teleport 11 adds multiple benefits and expanded support. One big change is that Teleport 11 agents running on Azure VMms will now automatically import Azure tags to label resources, making it easier than ever to manage a fleet of virtual machines hosted in Azure.

Additionally for those using Teleport Database Access, Teleport 11 now supports auto-discovery for Azure-hosted PostgreSql and MySQL databases. For more information on how to configure auto discovery, check out this updated Azure guide for more details.

Finally Teleport Database Access will now user Azure- AD- managed identity authentication for Azure-hosted SQL Server databases. This cuts down on additional middle-layer configuration allowing for a much more seamless user experience for administrators and users alike.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

Cassandra & ScyllaDB Support

Teleport 11 includes Database Access support for both Cassandra and ScyllaDB. This will allow you to manage both types of database resources with Teleport 11, including support for AWS Keyspaces.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

Machine ID

One of our most requested features is finally coming to Teleport Machine ID: GitHub Actions Support! With Teleport 11 you can now manage resources directly from GitHub Actions without the need for persistent secrets, making your workflows even more secure and efficient.

For additional details on Teleport Machine ID GHA support, take a look at our guide for getting started with Teleport GitHub Actions.

Corresponding with the Teleport 11 release, we have also released a GitHub Action for setting up the Teleport binaries within a GitHub workflow environment, allowing you to more easily automate ephemeral workflows using Teleport and GitHub Actions without the need for custom scripting.

For more details and to try out our canned GitHub Action yourself, please visit our Teleport GitHub Actions Repo.

In addition to this enhanced support, the Teleport Terraform plugin now supports the creation of Machine ID Bots and Bots Tokens.

Availability: Teleport 11.0 - Teleport Community and Teleport Enterprise editions

Teleport Connect

Teleport Connect has added support for Access Requests and file upload/download. Teleport Connect continues to mature into a powerful product for making access accessible for those less comfortable with using our other CLI tools and interfaces.

Breaking Changes

Before you upgrade to Teleport 11 and start trying out the myriad of features it has to offer, please familiarize yourself with the following potentially disruptive changes that accompany the release.

These changes can be found in detail here.

Try Teleport 11 Today!

👉 Sign up for Teleport Cloud or download Teleport 10 from our download page. 👉 Follow our product documentation to get started. 👉 Join the Slack channel where Teleport users and developers hang out for community support.