Back to Integrations

DigitalOcean Integration

Secure privileged access to your DigitalOcean infrastructure with unified identity, just-in-time access, and comprehensive audit trails for droplets, databases, and Kubernetes.

View DocumentationRequest Demo
Features

Comprehensive DigitalOcean Coverage

Secure access to all your DigitalOcean services with unified authentication and authorization.

Droplet Access

SSH access to droplets with automatic discovery and certificate-based authentication across all regions.

DOKS Integration

Secure access to DigitalOcean Kubernetes clusters with RBAC enforcement and kubectl proxy.

Managed Databases

Protocol-aware proxying for PostgreSQL, MySQL, MongoDB, and Redis managed databases.

Spaces Storage

Integration with DigitalOcean Spaces for session recording storage and audit log retention.

Capabilities

Enterprise-Grade DigitalOcean Integration

Droplet auto-discovery
DOKS cluster access
Managed database proxying
Spaces audit storage
VPC network integration
SSH key synchronization
Team management
API token integration
Load balancer support
Volume attachment tracking
Firewall rule integration
Project-based organization
Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your DigitalOcean infrastructure.

1

Create API Token

Generate a DigitalOcean API token with read permissions for droplets, databases, and Kubernetes clusters.

# In DigitalOcean Dashboard:
# API → Tokens/Keys → Generate New Token
# Scopes: read (for discovery)
#
# Save the token securely
2

Configure Integration

Add the DigitalOcean integration to TigerAccess with your API token and select regions to monitor.

tacctl integrations add digitalocean \
  --api-token=dop_v1_your_token_here \
  --regions=nyc1,nyc3,sfo3 \
  --enable-droplets \
  --enable-databases \
  --enable-kubernetes
3

Configure SSH Access

Set up SSH access for droplets by adding the TigerAccess CA public key to your droplets.

# Get TigerAccess SSH CA public key
tacctl ca export --type=host > ca.pub

# Add to droplet user-data or cloud-init:
echo "TrustedUserCAKeys /etc/ssh/ca.pub" >> /etc/ssh/sshd_config
sudo systemctl restart sshd
4

Verify Discovery

Verify that TigerAccess has discovered your DigitalOcean resources and they are available for access.

tac ls
# Shows all discovered resources:
# - Droplets (all regions)
# - Managed databases
# - DOKS clusters
# - Load balancers

# Connect to a droplet
tac ssh root@my-droplet-nyc1

# Access a database
tac db connect postgres-prod

# Access Kubernetes cluster
tac kube login doks-production
Use Cases

Real-World DigitalOcean Scenarios

Development Team Access

Grant developers just-in-time access to staging and production droplets with automatic approval workflows and comprehensive session recording.

Multi-Region Management

Manage access across droplets and databases in multiple DigitalOcean regions with centralized authentication and unified audit trails.

Kubernetes Security

Secure access to DOKS clusters with fine-grained RBAC policies, namespace isolation, and complete kubectl command auditing.

Database Protection

Control access to managed PostgreSQL, MySQL, MongoDB, and Redis databases with credential rotation and query logging.

FAQ

Frequently Asked Questions

Does TigerAccess require agent installation on droplets?

No. TigerAccess uses certificate-based SSH authentication and does not require agents on droplets. You only need to configure your droplets to trust the TigerAccess CA. For enhanced features like session recording, you can optionally deploy the lightweight TigerAccess agent.

How does database access work with DigitalOcean managed databases?

TigerAccess acts as a protocol-aware proxy for managed databases. Users connect through TigerAccess which authenticates them, enforces access policies, and proxies connections to the database. This works with PostgreSQL, MySQL, MongoDB, and Redis managed databases.

Can I use TigerAccess with DigitalOcean Kubernetes (DOKS)?

Yes. TigerAccess integrates with DOKS clusters to provide secure kubectl access. Users authenticate through TigerAccess and receive short-lived kubeconfig credentials with appropriate RBAC permissions. All kubectl commands are audited.

Where are session recordings stored?

Session recordings can be stored in your own DigitalOcean Spaces bucket with encryption at rest. TigerAccess supports Spaces-compatible S3 API for secure storage of audit logs and session recordings.

How does TigerAccess handle droplets across multiple regions?

TigerAccess automatically discovers and manages droplets across all configured DigitalOcean regions. You can specify which regions to monitor during integration setup, and TigerAccess will maintain an up-to-date inventory of all resources.

Can I organize access by DigitalOcean projects?

Yes. TigerAccess respects DigitalOcean project organization and can map projects to TigerAccess roles and access policies. This allows you to grant team members access to specific projects while maintaining consistent security controls.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free TrialContact Sales

No credit card required • 14-day free trial • Enterprise support available