Some confusion on supported hosts

I’m starting to dig into what boundary can do and i’ve run into some questions:

For a given host to be compatible with boundary, is it required to be unauthenticated and on the same network? Is that what’s meant by “reachable” in the docs?

For instance if a service requires an Authorization header to be passed. This would not be supported with boundary?


Hi @wulfmann! Thanks for the question. To clarify: for a service to be reachable by boundary there needs to be a functioning IP route between the worker nodes and the target host.

For example, if the host address is and the target default port is :22, then all workers must be able to route packets to - that means security groups/iptables/firewall rules must allow traffic between workers and this target. Let me know if that clarifies things for you!

1 Like

That does answer it yes, thanks! Do you know if there are plans to support auth types like basic auth, api key, etc in the future?

Do you mean to authenticate to Boundary itself? With the tcp target we’re not modifying the traffic itself so we aren’t touching the http connection or any authentication it is using.