Teleport 12 Is Here!

After 4 months of hard work we’re proud to announce the release of Teleport version 12!

From expanded Windows and Kubernetes support, to a preview of a brand new feature we’re calling Device Trust, Teleport 12 is loaded with improvements and new capabilities that make it easier than ever to securely access your entire infrastructure ecosystem.

Device Trust (Preview)

One of the biggest things we’re excited about in Teleport 12 is our upcoming Device Trust feature. Device Trust allows administrators to require that Teleport access is performed from an authenticated and trusted device. This way you can enroll specific devices and tie them into the existing Teleport RBAC framework, ensuring not only that the user must be authorized to access specific resources, but also that they are using an authorized device as well.

Device Trust leverages the Secure Enclave on macOS to solve device challenges issued by the Teleport CA, verifying the device’s authorized and trusted identity. Currently this feature is exclusively available on Mac, requiring a native client like tsh or Teleport Connect.

Check out how to enable Device Trust in our guide here!

Availability: Teleport 12.0 - Teleport Enterprise edition only

Passwordless Windows Access for Local Users (Preview)

Another exciting preview in this release is Passwordless Windows Access for local users. Teleport 12 brings passwordless certificate-based authentication to Windows Servers and Desktops in environments where Active Directory is not available. This means that with Teleport 12 you can securely access Windows desktops without the need for configuring Active Directory, putting more control and power in the hands of your administrators managing local Windows users.

Simply install Teleport on the Windows desktop you want to manage, and enjoy certificate-based, audited, passwordless access for each of your configured users!

To get started with this feature check out our guide on enabling Passwordless Windows Access for local users here. Or check out our in-depth video walkthrough!

Availability: Teleport 12.0 - Teleport Enterprise edition only

Per-pod RBAC for Kubernetes Access

A long awaited feature, Teleport 12 extends role-based access to individual pods in Kubernetes clusters. Previously Kubernetes access was limited to role mapping of Kubernetes users and groups. Now with Teleport 12 administrators can define pod-level rules and permission restrictions, allowing for much more fine-grained access control.

Pod RBAC also integrates with existing Teleport RBAC features such as role templating and access requests, allowing for flexible just-in-time access requests at the pod level. With the increasing complexity of Kubernetes access at scale, Teleport 12 makes it easier than ever to have confidence in the security of your cluster, regardless of the size.

For a walkthrough on how to configure per-pod RBAC, please visit our docs on Kubernetes Access!

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

Azure and GCP CLI support for Application Access

Many of you may already be familiar with Teleport’s ability to manage access to AWS’s console and CLI commands. In Teleport 12 we bring this same great functionality to Azure and GCP! With Teleport 12, administrators and users can interact with the Azure and GCP APIs through Teleport Application Access using the brand new tsh az and tsh gcloud CLI commands.

Or, once you’re authenticated via the Teleport proxy, you can also use standard az and gcloud tools locally.

For more information on securing access to your cloud APIs, check out our guides here.

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

Support for more databases in Database Access

Another area that’s getting expanded is our Database Access. Teleport 12 brings a number of new integrations to both AWS-hosted databases and Azure. On AWS Teleport 12 adds support for:

• DynamoDB (now with audit log support)
• Redshift Serverless
• RDS Proxy for PostgreSQL/MySQL

On Azure, Teleport 12 adds support for:

• SQL Server auto-discovery
• Azure Flexible Server for PostgreSQL/MySQL

Check out the above guides for more details on how to secure your cloud-hosted databases with Teleport.

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

Refactored Helm charts

Helm charts are an easy way to install Teleport or to connect to a Kubernetes cluster. In an effort to improve scalability and user experience, the “teleport-cluster” Helm chart has been reworked substantially. Proxy and Auth are now separate deployments, and the new “scratch” chart mode makes it easier to provide a custom Teleport configuration.

For a full detailed description on the changes to the chart, and instructions on how to upgrade existing releases from version 11 to version 12 please check out our guide here.

Dropped support for SHA1 in Server Access

Alleviating a headache for Server Access users, new OpenSSH clients connecting to Teleport 12 clusters no longer need the “PubAcceptedKeyTypes” workaround which included the deprecated “sha” algorithm.

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

Signed/notarized macOS binaries

Teleport 12 macOS binaries are now signed and notarized, meaning that users who download Teleport 12 Darwin binaries no longer get an “untrusted software” warning from macOS.

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

tctl edit

Everybody’s favorite Teleport CLI tool tctl gets a huge improvement in Teleport 12. tctl now supports an edit subcommand, allowing you to edit resources directly in your preferred text editor. This means that you no longer need to do the annoying flow of editing a resource/stopping the server/starting the server. You can edit resources directly while keeping the server running!

For more information on using the new subcommand, read more about it in our docs.

Availability: Teleport 12.0 - Teleport Community and Teleport Enterprise editions

Breaking changes

Before you upgrade to Teleport 12 and start trying out the myriad of features it has to offer, please familiarize yourself with the following potentially disruptive changes that accompany the release.

These changes can be found in detail here.

Try Teleport 12 Today!

👉 Sign up for a free Teleport Cloud trial or download Teleport 12 from our download page.

👉 Follow our product documentation to get started.

👉 Register today for the Teleport 12 webinar on March 22nd

👉 Join the Slack channel where Teleport users and developers hang out for community support.