Announcing Pomerium v0.16

By Colin Mo
January 11, 2022

We are pleased to announce the v0.16 release of Pomerium! This big release includes several new features: a native Kubernetes Ingress Controller, a new desktop app to make working with TCP connections even easier, the ability to enforce device identity with WebAuthn, and the introduction of a concise but expressive policy language.

Zach Dunn
CISO at Optoro
“What really drove our adoption of Pomerium was our migration to Kubernetes…what we were trying to do is divorce the idea of needing to have a VPN for privileged access.”

Desktop App

For power users whose job requires the use of TCP-based services in a secure manner, we’ve created an easy-to-use desktop application to support secure access to non-web traffic protocols. Now, even users who need access to things like RDP, SSH, MySQL, Postgres, and Redis can have zero-trust-based internal access without a VPN.

GUI for managing connections
Pomerium toolbar for easy, 1-click access

Device Identity & WebAuthn

With this release, Pomerium becomes the first identity-aware proxy to natively and directly support device identity. Pomerium uses an open standard for device authentication, WebAuthn, to support device-aware access decisions. This realizes the promise of device-identity-driven authorization as set out in the original BeyondCorp and NIST’s Zero Trust Architecture papers.

Set device identity policy with Pomerium
Track and manage each device with Pomerium
See details on each device requesting access

Kubernetes Ingress Controller

Pomerium now has a first-class, secure-by-default Ingress Controller which supports native Kubernetes workflows. You can now dynamically provision routes from Ingress resources and set policy based on annotations. For example, the Ingress Controller can be used in conjunction with cert-manager for managing certificates.

Ingress Controller pulling certs using cert-manager
Ingress Controller with dynamic authorization policy

Pomerium Policy Language

Pomerium Policy Language (PPL) is a terse but expressive YAML-based notation for creating easy and flexible authorization policies. It’s now possible to express policy for contextual factors like time-of-day, groups, users, and device identity, as well as details about the incoming request. In the future, PPL can be used to enforce policy based on authorization context from third-party sources like HR and asset management systems.

Next Steps

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Pomerium GitHub issue tracker. This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the changelog.

Working Towards Zero Trust

Using Pomerium at work? Pomerium Enterprise is purpose-built for companies moving from perimeter to zero trust and identity-based access methods. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, check out our GitHub, documentation, or reach out to us directly.
