Teleport Access Plane

Teleport Database Access

Implement identity-based access for SQL and NoSQL databases, prevent data exfiltration, meet compliance requirements, and have complete visibility into access and behavior.

For DevSecOps

Easily secure your databases using security best practices

Implement industry best practices for database access with identity-based SSO, short-lived certificates for engineers or service accounts, multi-factor authentication, RBAC, and audit for all databases across all environments.
Identity-based access

Teleport enforces the use of auto-expiring X.509 certificates instead of static or shared credentials for engineers and service accounts to access databases.

Access requests

Move away from admin accounts with just-in-time privilege escalation for administrative tasks. Access requests can be approved via Slack or other supported plugins.

Consolidated policy

Consolidate policy for role-based access to all database instances across all environments in one place. This increases security and reduces operational overhead.

For compliance-minded engineers

Meet compliance requirements

Teleport was designed to continuously maintain compliance and pass audits with minimal configuration. The supported standards include SOC 2, FedRAMP, HIPAA, ISO 27001, PCI, and more.
Advanced authorization

Use the authorization mechanism best suited for your compliance requirements such as RBAC, per-session MFA, and dual authorization for privileged operations.

FIPS mode

Avoid human errors using Teleport FIPS mode, which rejects configuration options unless they are compliant with FIPS 140-2, also known as the Federal Information Processing Standard.

Session controls

Implement moderated sessions, concurrent session restrictions, proactive session termination, and identity locking across your entire infrastructure footprint.

For developers

Database security that doesn't get in the way

Single sign-on gives developers access to all databases behind firewalls across all environments. There is no need to juggle multiple authentication methods across cloud providers or jump between VPNs.
Delightful experience

A single login gives users instant secure access to all databases they need, across all environments, ending the hassle of juggling multiple VPNs and access points.

Unified connectivity

Teleport automatically routes client connections to databases behind firewalls, cloud VPCs, edge networks, even to mobile IoT platforms!

Multi-platform

Teleport Database Access natively works the same way you do: on any laptop, any operating system, or in a browser.

Audit log

Complete visibility into access and behavior

Teleport provides a live view of all database sessions and keeps an audit log of database access events across all environments, making it easy to see what is happening and who is responsible.
Query-level visibility

Understand database access events, including what queries are being run and by whom, to increase security and maintain compliance.

Live database catalog

With a real-time global catalog of all your databases in the cloud, on-prem, or edge, resource discovery, remote access, and maintenance are easy.

Cloud & self-hosted databases

Teleport provides access to cloud databases such as AWS RDS and Aurora, GCP Cloud SQL, and MongoDB Atlas as well as self-hosted databases.

Machine-to-machine access

Give an identity to all your microservices, CI/CD automation, and service accounts

Machine ID dramatically simplifies secure machine-to-machine access via SSH and X.509 certificates with access controls and audit built in.
Manage machine users at scale

Teleport Machine ID vastly simplifies certificate management for IT infrastructure and applications, just like Let’s Encrypt simplified TLS certificate management for websites.

Unified identity for developers & machines

Teleport Machine ID unifies access policies for people and machines, reducing operational overhead and increasing security and compliance.

Reduce supply chain attack impact

Teleport Machine ID automatically implements least privilege for all machine users so you don’t have to worry about a compromised service taking over your infrastructure.

Teleport Connect

Developer-friendly browser for cloud infrastructure

Traditional terminals are optimized for accessing localhost. Teleport Connect offers an enhanced user experience and identity-based access for engineers who work in the cloud.

Cloud-optimized user experience

Teleport Connect makes it feel as though all your cloud resources, such as thousands of SSH servers, Kubernetes clusters, databases, code repositories and Grafana dashboards, are running on your laptop.

Identity-based security

When you access infrastructure using a traditional terminal, you inherit the identity of the localhost account and use disjointed combinations of config files, passwords and keys to access remote resources. Teleport Connect leaves passwords behind, inherits your identity from SSO and uses it for everything.

Works with everything you have

Teleport Database Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.

MySQL
Postgres
CockroachDB
GCP Cloud SQL
AWS RDS
AWS Aurora
AWS Redshift
MongoDB
MongoDB Atlas
MariaDB
MS SQL
Redis

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to log in to retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.

# on a client
$ tsh login --proxy=example.com

# on a server

$ apt install teleport

# in a Kubernetes cluster

$ helm install

Try Teleport today

In the cloud, self-hosted, or open source