This document explains what telemetry is collected by the Machine ID
agent, why we want to collect this telemetry and, how to opt in or out.
Machine ID is an emerging part of the Teleport product and it's helpful for us to be able to identify the kinds of use-cases people have. This allows us to prioritise more common usages. Whilst we try to collect this sort of information by talking to users directly, having a more general overview of the product in the wild helps us make even more informed decisions and avoid our decisions being solely influenced by a select few users.
Anonymous telemetry is currently the only mode supported by
tbot. This means
that the collected data does not include anything which identifies:
- the specific machine
tbotis running on
- the cluster
tbotis connecting to
- the hosts, applications, databases and Kubernetes clusters
- the user that has configured
If we introduce further events to Machine ID's anonymous telemetry in future, we will abide by the above guidelines and ensure that changes are explicitly included in changelogs where new information is gathered.
Whilst we do not collect data which uniquely identifies the specific machine
tbot is running on, we may collect general information about the architecture
and operating system installed on the machine.
We do not assign a unique ID that identifies your
tbot installation across
multiple starts. This means it is not possible for us to determine how long
tbot has been installed on a machine or track changes made to a
configuration on a specific host over time.
We do assign a unique ID that identifies events that originate from a single
tbot start (you may hear this be referred to as a "session"). This allows
us to tie together multiple events and determine how long they occur after
tbot has started.
Anonymous telemetry in
tbot is strictly opt-in.
To opt in to this telemetry, set the opt-in environment variable to
export TELEPORT_ANONYMOUS_TELEMETRY=1 tbot start ...
You can use the same environment variable to explicitly opt-out of this
telemetry by setting the value to
export TELEPORT_ANONYMOUS_TELEMETRY=0 tbot start ...
If this environment variable is not configured,
tbot defaults to not
collecting anonymous telemetry.
Anonymous telemetry currently submits a single event on the start of
This event is called
tbot.start and contains the following attributes:
tbot.run_mode: one of [
daemon] depending on if
tbothas been invoked with
tbot.version: the running version of
tbot.join_type: the join method type that has been configured (such as
tbot.helper: the name of the helper that has started
tbotif one has been used. For example:
tbot.helper_version: the version of the helper that has started
tbotif one has been used
tbot.destinations_other: a count of destinations configured that are not associated with Database Access, Kubernetes Access or Application Access
tbot.destinations_database: a count of Database Access destinations configured
tbot.destinations_kubernetes: a count of Kubernetes Access destinations configured
tbot.destinations_application: a count of Application Access destinations configured