Teleport Access Plane

Teleport Database Access

Implement identity-based access to PostgreSQL, MongoDB, and MySQL, prevent data exfiltration, meet compliance requirements, and have complete visibility into access and behavior.
Get Started
tsh login db-proxy
Single Sign On
Single Sign On
an enter password screen
Multi Factor Authentication
a biometric verification screen
Security Key or Biometric Authenticator
Multi Factor Authentication
a multi-factor authentication screen
Authentication Successful
For DevSecOps

Easily secure your databases using security best practices

Implement industry best practices for database access with identity-based SSO, short-lived certificates, multi-factor authentication, RBAC, and audit for all databases across all environments.
a diagram of server architecture
Identity-based access

Teleport enforces the use of auto-expiring x.509 certificates tied to user identities, instead of static or shared credentials for access to your database.

Access requests

Move away from admin accounts with just-in-time privilege escalation for administrative tasks. Access requests can be approved via Slack or other supported plugins.

Consolidated policy

Consolidate policy for role-based access to all database instances across all environments in one place. This increases security and reduces operational overhead.

For compliance-minded engineers

Meet compliance requirements

Teleport was designed to continuously maintain compliance and pass audits with minimal configuration. The supported standards include SOC2, FedRAMP, HIPAA, ISO 27001, PCI and more.
a diagram of server architecture
Advanced authorization

Use the authorization mechanism best suited for your compliance requirements such as RBAC, per-session MFA, and dual authorization for privileged operations.

FIPS mode

Avoid human errors using Teleport FIPS mode which rejects configuration options unless they are compliant with FIPS 140-2, also known as the Federal Information Processing Standard.

Session controls

Implement moderated sessions, enforce concurrent session restrictions, proactive session termination, and identity locking across your entire infrastructure footprint.

For developers

Database security that doesn't get in the way

A single sign-on gives developers access to all databases behind firewalls across all environments. There is no need to juggle multiple authentication methods across cloud providers or for jumping between VPNs.
a diagram of server architecture
Delightful experience

A single login gives users instant secure access to all databases they need, across all environments, ending the hassle of juggling multiple VPNs and access points.

Unified connectivity

Teleport automatically routes client connections to databases behind firewalls, cloud VPCs, edge networks, even to mobile IoT platforms!


Teleport Database Access natively works the same way you do: on any laptop, any operating system, or in a browser.

Audit log

Complete visibility into access and behavior

Teleport provides a live view of all database sessions and keeps an audit log of database access events across all environments, making it easy to see what is happening and who is responsible.
a diagram of server architecture
Query-level visibility

Understand database access events including what queries are being run and by who to increase security and maintain compliance.

Live database catalog

With a real-time global catalog of all your databases in the cloud, on-prem, or edge, resource discovery, remote access, and maintenance are easy.

Cloud & self-hosted databases

Teleport provides access to cloud databases such as AWS RDS and Aurora, GCP Cloud SQL, and MongoDB Atlas as well as self-hosted databases.

Demo Video

Works with everything you have

Teleport Database Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.

Google Cloud
Active Directory
One Login

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to login to retrieve short-lived certifcates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
Download Teleport
# on a client
$ tsh login

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source
Get StartedView developer docs