explaingit

warp-tech/warpgate

6,976RustAudience · ops devopsComplexity · 4/5Setup · moderate

TLDR

A self-hosted security gateway you install on your own server that controls, authenticates, and records all SSH, web, database, and Kubernetes access to your internal infrastructure, no special client software needed.

Mindmap

mindmap
  root((Warpgate))
    What it does
      Security access gateway
      Session recording
      No client software needed
    Protocols supported
      SSH
      HTTPS
      MySQL and PostgreSQL
    Auth features
      Two-factor auth TOTP
      OpenID Connect SSO
      Per-user permissions
    Deployment
      Single Rust binary
      SQLite storage
      Self-hosted only
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Set up Warpgate as a single entry point so your team accesses all internal servers through one audited, authenticated gateway instead of direct SSH

USE CASE 2

Record all SSH sessions to your production servers so you have a full playback log for compliance or security incident review

USE CASE 3

Replace a VPN for internal tool access by routing HTTPS and database traffic through Warpgate with two-factor authentication and per-user target permissions

Tech stack

RustSQLite

Getting it running

Difficulty · moderate Time to first run · 1h+

Requires a Linux server, DNS and firewall must route SSH and HTTPS traffic through the gateway binary.

In plain English

Warpgate is a self-hosted security gateway that sits between your users and the internal servers or services they need to access. Rather than giving people direct access to servers, you route connections through Warpgate, which authenticates each user, enforces which resources they are allowed to reach, and records everything that happens during the session. It supports several types of connections: SSH (the standard way to access a remote server's command line), HTTPS (regular web traffic), Kubernetes cluster management, MySQL databases, and PostgreSQL databases. Users connect using the same standard tools they already have, with no extra software required on their side. Warpgate intercepts the connection, checks who the user is, and then passes the traffic through to the intended target. Built-in features include two-factor authentication using time-based codes (TOTP) and single sign-on support through OpenID Connect, which lets you integrate with identity providers your organization already uses. Sessions are recorded and can be played back later through a built-in web admin interface. The admin interface is also where you manage user accounts, define which servers and services are available as targets, and assign which users can reach which targets. All of this runs as a single binary with no external dependencies. It is written in Rust and stores its data in an SQLite database by default. The project describes itself as production-ready and is fully open source. The README includes a comparison table showing how Warpgate differs from a traditional SSH jump host, a VPN, and Teleport. The key distinctions are that it requires no custom client software, records sessions at the command level rather than just logging connections, and keeps data fully on your own infrastructure.

Copy-paste prompts

Prompt 1
I want to install Warpgate as an SSH gateway so my team connects to internal servers through it instead of directly. Walk me through the initial setup, how to add a target server, and how to assign it to a user.
Prompt 2
How do I configure Warpgate to use OpenID Connect single sign-on so users authenticate with our existing identity provider instead of a local password?
Prompt 3
Show me how to play back a recorded SSH session in Warpgate's web admin interface. Where do I find session recordings and what can I see in the playback?
Prompt 4
I want to give a contractor access to one specific target server through Warpgate for 30 days. How do I create their account, assign the target, and later revoke access?
Open on GitHub → Explain another repo

← warp-tech on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.