Announcing Pomerium v0.16

January 11, 2022

We are pleased to announce the v0.16 release of Pomerium! This big release brings several new features: a native Kubernetes Ingress Controller, a new desktop app to make working with TCP connections even easier, the ability to enforce device identity with WebAuthn, and the introduction of a concise but expressive policy language.

What really drove our adoption of Pomerium was our migration to Kubernetes…what we were trying to do is divorce the idea of needing to have a VPN for privileged access.

Zach Dunn, CISO at Optoro

Desktop App

For power users whose jobs require secure use of TCP-based services, we’ve created an easy-to-use desktop application to support secure access to non-web traffic protocols. Now, even users who need access to things like RDP, SSH, MySQL, Postgres, and Redis can have zero-trust-based internal access without a VPN.

GUI for managing connections
Pomerium toolbar for easy, 1-click access

Device Identity & WebAuthn

With this release, Pomerium becomes the first identity-aware proxy to natively and directly support device identity. Pomerium uses an open standard for device authentication, WebAuthn, to support device-aware access decisions. This realizes the promise of device-identity-driven authorization as set out in the original BeyondCorp and NIST’s Zero Trust Architecture papers.

Set device identity policy with Pomerium
Track and manage each device with Pomerium
See details on each device requesting access

Kubernetes Ingress Controller

Pomerium now has a first-class, secure-by-default Ingress Controller which supports native Kubernetes workflows. You can now dynamically provision routes from Ingress resources and set policy based on annotations. For example, the Ingress Controller can be used in conjunction with cert-manager for managing certificates.

Ingress Controller pulling certs using cert-manager
Ingress Controller with dynamic authorization policy

Pomerium Policy Language

Pomerium Policy Language (PPL) is a terse but expressive YAML-based notation for creating easy and flexible authorization policies. It’s now possible to express policy for contextual factors like time-of-day, groups, users, and device identity, as well as details about the incoming request. In the future, PPL can be used to enforce policy based on authorization context from third-party sources like HR and asset management systems.

Next Steps

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Pomerium GitHub issue tracker. This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the changelog.

Working Towards Zero Trust

Using Pomerium at work? Pomerium Enterprise is purpose-built for companies moving from perimeter to zero trust and identity-based access methods. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, check out our GitHub, documentation, or reach out to us directly.
