GatePlane operates through a series of plugins for Vault/OpenBao.
These plugins are available in gateplane-io/vault-plugins repository under the Elastic v2 License.
The list of available plugins is documented in this section.
The plugin API is documented under the API page.
All plugins can be configured using the Terraform modules provided by GatePlane:
github.com/gateplane-io/terraform-gateplane-policy-gategithub.com/gateplane-io/terraform-gateplane-okta-group-gate
Flow Features
Approvals
All plugins share the logic of approval-based access control.
A number of required approvals is set to mounts of the plugins, and claiming access is only possible if this number of approvals is reached.
Users cannot approve their own requests
To mitigate privilege-escalation, it is impossible for a requestor to approve their own Access Request.
Request and Approval expiration and deletion
Apart from the access itself, Access Requests and Approvals expire as well. The TTLs are configurable as shown in API Documentation
Additionally, Access Requests are deleted after a configurable duration.
Reason / Justification
Requesting elevated access often comes with a justification.
It is possible to mandate a justification for creating an Access Request, in case references to tickets is needed.