Frequently Asked Questions (FAQ)
Background
Why build Infra?
Is Infra open-source?
Yes. Infra is distributed under two licenses:
- The MIT license (for the CLI and agent)
- The Elastic license (for the core API server)
Comparison to other tools
vs built-in auth mechanisms?
Most cloud services use built-in auth mechanisms that rely on passwords or static credentials.
vs VPNs (e.g. Tailscale & Cloudflare Access)
vs OIDC-based auth?
Not all Infrastructure support OIDC. Infra uses credential vaulting to create short-lived tokens with the same properties of a certificate or JWT token.
vs secret managers (e.g. Vault)?
vs Teleport?
Unlike Teleport and other access proxy tools, Infra doesn't proxy traffic or use encrypted tunnels. Infra is designed to be used as an authentication mechanism alongside existing networking tools such as OpenVPN, Tailscale or others.
Reliability
What happens if Infra goes down?
Does Infra have a status page?
We do! See status.infrahq.com.
Security, Privacy & Compliance
Can Infra access my servers?
Does Infra expose my servers, clusters or other infrastructure to the internet?
What happens if the cloud service were to be compromised?
Is Infra SOC2 certified?
Troubleshooting
I am seeing a lot of TLS Handshake errors in my logs
Although the Infra connector will install with a minimum of settings in the Helm values file, you will also need to set the health check options. Refer to the Kubernetes page for more.
I added a connector, but it's taking a long time to establish a connection
Depending on which cloud provider is hosting your cluster, it may take a few minutes for a Load Balancer to be configured.