Security at Teleport
Security Team
Teleport maintains a cross-functional security team dedicated to:
- Teleport code, dependency, and supply chain vulnerability detection and response
- Teleport Cloud Security
- Corporate IT Security
Reporting a Vulnerability
To make a security vulnerability report, email [email protected] with the full details, including steps to reproduce the issue. We are deeply grateful to researchers and our community who report issues so that we can coordinate a fix and responsible disclosure. You may use our PGP public key below to encrypt sensitive information.
Security Commitments
Proactive Detection
We contract and publish third-party security audits of our products and platform annually. Our previous reports are available on our Audits page. In addition, Teleport regularly scans its code and infrastructure for security vulnerabilities using tools such as Dependabot and Clair container scanning.
Disclosure
We notify customers of critical vulnerabilities that affect the security of their systems. Prior vulnerability disclosures are found in our Teleport Release Notes.
Response
All security issues are rapidly triaged by our security team. High severity security findings trigger a formal incident response.
Privacy
As part of our security stance, we protect our customers’ and partners’ privacy. Find our privacy policy at https://goteleport.com/legal/privacy.
Compliance
We maintain SOC 2 Type II compliance for our cloud and on-prem products; the report can be provided under NDA upon request. We also commit to our Security Addendum, which details how we protect customer data and covers policy, security, confidentiality, access controls, management, incident response, and more.
Public Certificates & Encryption Keys
- ID BEEDA496
- Fingerprint 24F1 C4E9 A718 FF7C FB0B 2F13 FF2E 90C4 BEED A496
- ID 6282C411
- Fingerprint 0C5E 8BA5 658E 320D 1B03 1179 C87E D53A 6282 C411
- SHA256 Fingerprint 78 2F E1 18 5F A1 AD 68 AD 25 0B A9 4D 21 DC BB 0D 8E 47 C6 E4 1D FE FB AB 05 41 33 4C 33 1D 43
- SHA1 Fingerprint 82 B6 25 AD 32 7C 24 1B 37 8A 54 B4 B2 54 BB 08 CE 71 B5 DF
- SHA256 Fingerprint 78 05 14 69 20 59 21 D1 EE 96 42 01 5A 28 35 FB E1 D4 38 5E 2A 23 5D 62 73 A4 D1 27 8A 33 BA 34
- SHA1 Fingerprint D2 70 EA 0C F2 0E CB 17 28 B2 21 E1 D5 B6 7C FE 50 FF AB 62
- Issued to Gravitational Inc.
- Thumbprint F2FBE7B8228122EB74DE2DC093DB81F8E6896253
- Right-click the binary in question, for example tsh.exe.
- Select “Properties”.
- On the resulting “tsh.exe Properties” dialog, select the “Digital Signatures” tab.
- Select the “Gravitational Inc.” signer from the list.
- Select the “Details” button.
- On the resulting “Digital Signature Details” dialog, ensure that the header states “This digital signature is OK.”
- Select the “View Certificate” button.
- On the resulting “Certificate” dialog, select the “Details” tab.
- Select the “Thumbprint” item from the list, and compare its value to the thumbprint listed above.
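
The same check as the dialog steps above, scripted in PowerShell. This is an added example, not Teleport's own tooling: the function name `Test-TeleportSignature` and the path in the usage comment are hypothetical, and the expected thumbprint is the one listed on this page.

```powershell
# Added example: scripted form of the manual "Digital Signatures" check.
# Test-TeleportSignature is a hypothetical helper name, not a Teleport tool.
function Test-TeleportSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Thumbprint listed on this page for the "Gravitational Inc." certificate.
        [string]$ExpectedThumbprint = 'F2FBE7B8228122EB74DE2DC093DB81F8E6896253',
        [string]$ExpectedSigner = 'Gravitational Inc.'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Equivalent of "This digital signature is OK": the file hash matches the
    # signature and the certificate chain is trusted. NotSigned, HashMismatch,
    # NotTrusted and UnknownError all fail here.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    $cert = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $cert.GetNameInfo($nameType, $false)

    # The certificate dialog may show the thumbprint with spaces or in
    # lowercase; strip everything that is not a hex digit before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $actual   = $cert.Thumbprint.ToUpperInvariant()

    if ($signer -ne $ExpectedSigner) {
        Write-Warning "Signer is '$signer', expected '$ExpectedSigner'"
        return $false
    }
    if ($actual -ne $expected) {
        Write-Warning "Thumbprint is $actual, expected $expected"
        return $false
    }
    return $true
}

# Usage (placeholder path): Test-TeleportSignature -Path 'C:\path\to\tsh.exe'
```

A validly signed binary from any other publisher still returns `$false`, because the signer name and thumbprint are compared after the status check.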