Warpgate

Warpgate is a transparent bastion host and privileged access management (PAM) service for securing access to internal SSH, HTTPS, MySQL, and PostgreSQL targets. It authenticates users, forwards connections directly to the target service without client wrappers, and provides auditing through an admin web UI.

Key Features

• Native listeners for SSH, HTTPS, MySQL, and PostgreSQL, with transparent forwarding to target services
• Role-based access control (RBAC) with precise user-to-service assignments
• Session recording with live view and replay for auditing
• Built-in admin web UI to manage users, targets, access, and session history
• SSO and 2FA support, including OpenID Connect and TOTP
• Single-binary deployment with minimal operational dependencies

Use Cases

• Secure controlled access to production servers and databases without VPNs or jump host configuration
• Audited contractor or third-party access with session replay and command-level visibility
• Acting as a proxy entrypoint for internal HTTPS services (including developer tooling endpoints)

Limitations and Considerations

• Default session history storage uses SQLite, which may not fit all scaling/HA requirements

Warpgate is suited for teams that need strong access controls, auditability, and SSO-backed authentication for infrastructure services while keeping client connections fully standard. It is particularly useful when you want bastion-like security without broad network access exposure.