Announcing Pomerium v0.16
We are pleased to announce the v0.16 release of Pomerium! This big release includes several new features, including: a native Kubernetes Ingress Controller, a new desktop app to make working with TCP connections even easier, the ability to enforce device identity with WebAuthn, and the introduction of a concise but expressive policy language.
For power users whose job requires the use of TCP-based services in a secure manner, we’ve created an easy-to-use desktop application to support secure access to non-web traffic protocols. Now, even users who need access to things like RDP, SSH, MySQL, Postgres, and REDIS can have zero trust based internal access without a VPN.
Device Identity & WebAuthn
With this release, Pomerium becomes the first identity-aware proxy to natively and directly support device identity. Pomerium uses an open-standard for device authentication, WebAuthn, to support device-aware access decisions. This realizes the promise of device-identity driven authorization as set out in the original BeyondCorp and NIST’s Zero Trust Architecture papers.
Kubernetes Ingress Controller
Pomerium now has a first-class, secure-by-default Ingress Controller which supports native Kubernetes workflows. You can now dynamically provision routes from Ingress resources and set policy based on annotations. For example, the Ingress Controller can be used in conjunction with Cert-Manager for managing certifications.
Pomerium Policy Language
Pomerium Policy Language (PPL) is a terse but expressive YAML-based notation for creating easy and flexible authorization policies. It’s now possible to express policy for contextual factors like time-of-day, groups, users, device identity as well as details about the incoming request. In the future, PPL can be used to enforce policy based on authorization context from third party sources like HR and asset management systems.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Pomerium GitHub issue tracker. This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the changelog.
Working Towards Zero Trust
Using Pomerium at work? Pomerium Enterprise is purpose-built for companies moving from perimeter to zero trust and identity-based access methods. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, checkout our Github, documentation, or reach out to us directly.