Skip to content

warpgate

Secrets & Credentials

Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software

Track releases GitHub Website
Rust Latest v0.24.1 · 1d ago Security brief →

Features

  • Acts as a bastion host for SSH, HTTPS, Kubernetes, MySQL and PostgreSQL without needing client apps or wrappers
  • Records every session with live view and replay through an admin web UI
  • Supports native 2FA (TOTP) and SSO (OpenID Connect)
  • Distributed as a single dependency‑free binary written in safe Rust

Recent releases

View all 13 releases →
No immediate action
v0.24.1 Bugfix

SSH instruction fix

Open
Config change
v0.24.0 New feature
Auth

Web SSH + default roles + tickets

Open
Review required
v0.23.4 Bug fix
Auth

API token username retrieval

Open
v0.23.3 Security relevant
Security fixes
  • GHSA-rj86-hm3r-c275: SSO state parameter validation prevents session hijacking through shared return links
Full changelog

Security fixes

GHSA-rj86-hm3r-c275

  • Verify SSO state parameter in https://github.com/warp-tech/warpgate/pull/1891

This vulnerability allowed an authorized Warpgate user A to share their SSO return link with another authorized Warpgate user B, potentially misleading B into getting logged in as A and subsequently sharing confidential information through user A's session.

Fixes

  • fix #1883 - re-normalize options.auth field for database targets by @Eugeny in https://github.com/warp-tech/warpgate/pull/1892

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.2...v0.23.3

What's Changed

  • Verify state parameter by @Eugeny in https://github.com/warp-tech/warpgate/pull/1891
  • fix #1883 - re-normalize options.auth field for database targets by @Eugeny in https://github.com/warp-tech/warpgate/pull/1892

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.2...v0.23.3

View release on GitHub
v0.23.2 Bug fix

Minor fixes and improvements.

Full changelog

Fixes

  • fix #1854 - PG timestamp types by @Eugeny in https://github.com/warp-tech/warpgate/pull/1877

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.1...v0.23.2

What's Changed

  • Bump follow-redirects from 1.15.11 to 1.16.0 in /warpgate-web by @dependabot[bot] in https://github.com/warp-tech/warpgate/pull/1867
  • fix #1854 - PG timestamp types by @Eugeny in https://github.com/warp-tech/warpgate/pull/1877
  • Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in https://github.com/warp-tech/warpgate/pull/1870

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.1...v0.23.2

What's Changed

  • Bump follow-redirects from 1.15.11 to 1.16.0 in /warpgate-web by @dependabot[bot] in https://github.com/warp-tech/warpgate/pull/1867
  • fix #1854 - PG timestamp types by @Eugeny in https://github.com/warp-tech/warpgate/pull/1877
  • Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in https://github.com/warp-tech/warpgate/pull/1870

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.1...v0.23.2

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
7,040
Forks
279
Languages
Rust Svelte Python
View on GitHub Homepage Documentation

Community & Support

Discord Sponsor / Fund

Similar tools

Yopass
authgear-server
vaultwarden
getaegis/aegis
Totpgate

Alternative to

SSH jump host VPN Teleport

Beta — feedback welcome: [email protected]