A machine we connect to.
A group of targets that can be accessed simultaneously. Environments are uniquely named and each user requests explicit access to each environment via a policy attached to their account.
A saved tiling of connections to targets.
A terminal to a target. You can have multiple connections (i.e., terminals) to a single target in a given space.
A triplestore statement (subject, verb, object) where the subject is the user/group, the verb is the type of access allowed, and the object is the target/enviornment.
Session recording
A video recording of a user or group shell session from the web app or zli.
BastionZero's command line interface tool, also known as the zero-trust command line interface
BastionZero web app
BastionZero's web UI for connecting to targets, monitoring logs and session recordings, authoring policies, managing users, creating environments. This can be found at
Installed on targets to enable MrZAP and target autodiscovery. These agents are built from the BastionZero open-source agent. Two unique agents are built from the single open-source project, a docker container hosted on dockerhub and used for k8s targets and a systemD executable used for servers, VMs, and containers.
Add a new target
When we input the configuration information for a target, for instance its IP address, SSH key, alias, etc.
Added target
A target for which we have already stored the configuration information, for instance its IP address, SSH key, alias etc.
Connect to a target
Open a terminal to a target.
Find a target
When the end user wants to search through the saved targets in order to find a known target.
Reconnect to a target
When a target that is already in a space has gone offline, and we want to see if the target is back online so that we can shell into that target.
Lost connection
When a server goes offline while the terminal is open.
Autodiscovered targets
Targets with the ssm-agent.
Provisioning ID
User/organization’s GUID in BastionZero system.
Provisioning secret
Mechanism of linking autodiscovery target to account ID.
Manual targets
Ones that are configured by hand/API.
Command history
A collection of a user's previous commands.
Copy link