tking/bascule-oss
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bascule-oss/docs/comparison.md
Tyler King e7fc9fa5e1 feat: structured logging, tracing spans, comprehensive documentation 
Observability:
  Structured JSON logging via BASCULE_LOG_FORMAT=json
  Tracing spans on auth (method, principal, peer)
  Tracing spans on session lifecycle (id, principal, backend, source_ip)
  Tracing spans on exec requests (session_id, command)
  Config: [telemetry] and [metrics] sections (OTel export planned)

Documentation (8 files, 489 lines):
  docs/quickstart.md — three-path getting started
  docs/configuration.md — full config reference with examples
  docs/authentication.md — all auth modes with setup guides
  docs/architecture.md — backends, traits, extension model, security
  docs/observability.md — logging, tracing, metrics
  docs/comparison.md — vs Teleport, Boundary, StrongDM
  images/README.md — curated image catalog
  README.md — features, comparison, quickstart, extension example

1557 lines Rust, 489 lines docs, 0 substrate deps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 23:45:03 -04:00

1.7 KiB
Raw Blame History

Comparison

Feature Bascule Teleport Boundary StrongDM
License Apache 2.0 AGPL / Commercial MPL / Commercial Commercial
Agents required No Yes Yes Yes
Control plane No Required Required SaaS
Container sessions Native Via agents No No
AI Agent Identity Native (Entra Agent ID) No No No
Binary size ~7MB ~150MB ~100MB N/A (SaaS)
Auth SSH keys, OIDC, Certs, Agent ID OIDC, SAML, GitHub OIDC, LDAP SAML, OIDC
Session recording Via SessionHandler Built-in Built-in Built-in
Kubernetes Any (pod) Requires agent Requires worker SaaS
Extensibility SessionHandler trait Plugin system No No
Proxy mode Built-in Built-in Built-in SaaS
Config Single TOML file Complex YAML Complex HCL Web UI

When to choose Bascule

  • You want a lightweight SSH proxy without a control plane
  • You need ephemeral container sessions per connection
  • You need AI agent identity (Entra Agent ID) alongside human SSH
  • You want to extend the proxy with custom policy via a Rust trait
  • You want Apache 2.0 licensing without AGPL constraints
  • You want a single binary under 10MB

When to choose Teleport

  • You need a full access management platform (SSH + K8s + DB + Web)
  • You need built-in session recording with search
  • You need desktop application access
  • You have a large team and need role-based access at scale
  • AGPL licensing is acceptable for your use case

When to choose Boundary

  • You're fully invested in the HashiCorp ecosystem
  • You need dynamic credential injection
  • You need multi-hop proxy chains
  • MPL licensing works for your organization