Configure Teleport

Configure users, roles, authentication connectors, and more with tctl, Terraform, and Kubernetes resources.

Report an IssueView as Markdown

Is this page helpful?

How can we improve this page?

Teleport supports two ways to configure a cluster:

• Static configuration file: At startup, a Teleport process reads a configuration file from the local filesystem (the default path is /etc/teleport.yaml). Static configuration settings control aspects of a specific instance of a service, such as the Teleport Auth Service, Teleport Proxy Service, or a single Teleport Agent.
• Dynamic resources: Dynamic resources control aspects of your cluster that are likely to change over time, such as roles, local users, and Teleport-protected infrastructure resources. Dynamic resources do not configure specific services, but rather the cluster as a whole.

Use static configuration if you want to configure the services that run in your cluster, including cluster-wide options that you do not expect to change very often. For day-to-day configuration updates, such as new Teleport roles, you likely need a dynamic resource.

Static configuration

Learn how to add a static configuration file for a specific Teleport service.

Teleport Agents

Teleport Agents proxy connections to and from infrastructure like servers and databases. See how to get started configuring each Teleport Agent service.

• Teleport Application Service
• Teleport Database Service
• Teleport Desktop Service
• Teleport Kubernetes Service
• Teleport SSH Service

Teleport Control Plane

If you host your own Teleport cluster, learn how to configure the Teleport Auth Service and Proxy Service.

• High Availability Cluster
• Single-Machine Cluster

Configuration Reference

Configuration settings for all Teleport services.

Dynamic configuration tools

Teleport provides three methods for managing Teleport with infrastructure as code tools.

Teleport Terraform Provider

Manage dynamic Teleport resources with Terraform.

• Get started
• Setup guides
• Import Teleport resources

Teleport Kubernetes Operator

Manage Teleport resources directly from Kubernetes using the operator pattern.

• Deploy with a cluster
• Deploy without a cluster
• Secret lookup
• Troubleshooting

tctl client tool

tctl is a command-line client for managing dynamic resources. Learn how to get started with tctl.

Dynamic resource management guides

Follow step-by-step instructions for using Infrastructure as Code tools to manage the most commonly needed Teleport resources.

Access Lists

Centrally configured assignments of users to roles.

Agentless OpenSSH servers

OpenSSH servers registered without the Teleport SSH Service.

Kubernetes OIDC joining

Teleport Agents running on Kubernetes that join the cluster with no shared secrets.

Login Rules (Kubernetes Operator)

Data transformations for users who authenticate via a single sign-on provider.

Login Rules (Terraform Provider)

Login rules, managed via Terraform.

Trusted clusters

Teleport clusters configured to trust users in a root cluster.

Users and roles

Who can authenticate to your Teleport cluster and what permissions they have.

Dynamic resource references

Comprehensive lists of Teleport configuration options.

tctl resources

Comprehensive guide to fields in the dynamic resources you can manage with the tctl command-line tool.

tctl command reference

List of commands, arguments, and flags for the tctl command-line tool.

Teleport Terraform Provider

Comprehensive lists of resource and data source fields available to the Teleport Terraform provider.

Teleport Kubernetes Operator

Comprehensive lists of resources available to the Teleport Kubernetes Operator.

Reconciling Static and Dynamic Configuration

How Teleport merges overlapping options.