Turo Streamlines Infrastructure Access with Teleport

Challenge

Turo faced an urgent infrastructure access challenge when its previous provider, Cyral, was acquired and scheduled for shutdown. Platform engineering needed to replace Cyral’s database access flow before the service went offline.

At the same time, Turo was pursuing broader goals:

• Improving developer experience
• Strengthening security and compliance
• Reducing the cognitive load and friction of accessing infrastructure
• Ensuring future scalability across Turo’s growing engineering organization

Before Teleport, database access required managing tokens, copying connection strings from a web portal, and configuring each database individually — creating inconsistency and slowing engineers down. With a hard September cutoff from Cyral, the team needed a secure, quick-to-deploy replacement that aligned with Zero Trust principles.

Solution

After evaluating several solutions, Turo selected Teleport’s Infrastructure Identity Platform based on three factors:

1. Rapid, Seamless Deployment

During the proof of concept, Teleport was fully deployed and connected to Turo’s MySQL environments in under two hours. Teleport’s fast time to value stood in stark contrast to prior tools that required complex configuration and maintenance.

2. Zero Trust, Identity-First Access

Teleport replaced static database credentials with cryptographic identity and ephemeral privileges governed by short-lived certificates, eliminating the need for passwords, tokens, and long-lived secrets. This approach is the foundation

• Secretless authentication
• Least-privilege, just-in-time access
• Unified identity across users, resources, and devices

3. Seamless Integration with Existing Infrastructure

Teleport integrated cleanly with Turo’s environment:

• Amazon Elastic Kubernetes Service (Teleport deployed inside EKS)
• Amazon Relational Database Service for MySQL
• Okta for identity-driven role-based access control (RBAC)
• PagerDuty for automatic on-call access
• Terraform for infrastructure automation

Turo also built tagging and group-based policies in Teleport to ensure engineers received correct permissions without manual intervention.

Results

Faster, Simpler Access for Developers

Teleport drastically simplified how engineers connect to MySQL databases:

• Engineers authenticate once via Teleport.
• They connect to a local endpoint from any integrated development environment (IDE) or structured query language (SQL) client.
• Teleport handles secure, short-lived authentication behind the scenes.

This eliminated time-consuming token workflows and reduced friction across teams.

Operational Efficiency Through Identity-First Access

Teleport allowed Turo to centralize access logic using Okta groups, resource tagging, and auto-provisioned permissions. On-call engineers now receive instant, temporary access via PagerDuty — without manual approvals. This shift aligns to Teleport’s core principles of ephemeral privileges, unified access control, and zero credentials.

Improved Visibility and Auditability

Teleport provides identity-linked visibility into access activity. While Turo is early in its audit cycles, Teleport already supports its compliance workflows through centralized audit logs, session metadata, and integration with existing log pipelines.

A Platform for Future Expansion

With Teleport successfully powering MySQL access, Turo now plans to extend Zero Trust
access to more infrastructure. Turo is expanding Teleport across additional infrastructure
systems to strengthen security and simplify access end-to-end:

• Amazon Redshift
• OpenSearch admin panels
• Kubernetes clusters
• Virtual private network (VPN) replacement for internal services

As Turo continues to scale globally, Teleport’s Infrastructure Identity Platform will serve
as a foundation for secure, efficient engineering operations.