Hello Teleport Community,
For this week’s newsletter, I will focus on Teleport 11, which brings many new features, bug fixes and improvements. As this newsletter goes out, we’ll celebrate Teleport 11 and our first in-person San Francisco user conference. (It’s not too late to attend the Happy Hour! For more information, check out details below.)
Below I highlight some of my favorite additions for this release. For a more in-depth overview of everything in this release, please check out our Teleport blog post.
Kubernetes
We’ve upgraded our Helm charts to use persistent storage; this lets the team use short-lived join tokens, resolving this long-requested issue, improving security, and requiring one less static token.
We’ve seen many users on-board a lot of Kubernetes clusters. Teleport 11 makes this much easier with EKS and AKS Kubernetes auto-discovery. Given a user with access to the AWS cloud, the auto-discovery service will scan the cloud and register all clusters available in EKS.
Server Access: Goodbye SCP, Hello SFTP
SCP, or Secure Copy is a well-known, if a little old, protocol used for transferring files between hosts. Yet it has a few problems, along with being slow and insecure. Teleport has replaced SCP with SFTP, for a faster and more secure transfer protocol.
By adding SFTP support, it’s possible to better integrate with many IDEs, such as VSCode or JetBrains PyCharm, GoLand and others used for browsing, copying and editing files on remote systems.
Databases
Teleport 11 has added secure access to three new databases: Elastic, Cassandra, ScyllaDB. These new additions let teams better protect more of their infrastructure. We’ve set up a dedicated community Slack Channel for #database-access — we would love to know how you’re using Teleport Database Access.
Machine ID
Machine ID extended the identity for services, robots, and other automation use cases. Teleport 11 adds support for secret-less joining of Machine ID agents such as GitHub
Actions, CircleCI, and GitLab. See guide for more details. Want to learn more about Machine ID? Check out our presentation from Kubecon Why Machines Deserve Rights: Rethinking Automated Infrastructure Access with OSS Teleport.
In addition, the Teleport Terraform plugin now supports the creation of Machine ID Bots and Bot Tokens.
Teleport Connect
Teleport Connect is an app for Mac, Windows, and Linux Users to access their Teleport clusters. Teleport 11 has added support for Kubernetes, Access Requests and file upload/download. Teleport Connect is quickly becoming my favorite way to access my cluster.
Teleport Enterprise – Hardware Key Support (Preview)
Hardware Key Support is a new enterprise-only feature and is currently supported for Server Access only. Teleport 11 clients (such as tsh or Connect) support storing their private key material on Yubikey devices instead of the filesystem, which helps prevent credentials exfiltration attacks. Learn more in our guide.
Read the Github Release notes for details on bug fixes, improvements and possible breaking changes.
This wraps up this week’s newsletter for Teleport 11. If you would like to learn more about Identity-Native Infrastructure Access, I recommend joining us for Teleport Connect 22’s Happy Hour. Please email ben@goteleport.com for a VIP ticket to the Happy Hour, starting at 5 pm today, Nov. 9th!