Self-hosted
Run RelayKey inside your VPC.
Same scoped credentials, audit logs, and recipient profiles. Same dashboard. The proxy and database run in your environment — RelayKey's cloud is never in the request path for any vendor API call.
What we see
The self-hosted instance contacts RelayKey only for license validation. That request includes license ID, app version, and instance ID. It never includes API traffic, vendor tokens, customer keys, audit logs, paths, request bodies, or response bodies.
Architecture
Local data plane. Connected license.
- Single Docker image on private GHCR. Same artifact runs the dashboard, proxy, and license-refresh services in your docker-compose stack.
- Encryption at rest with your master key. Upstream API tokens are encrypted with a 32-byte key you generate and own. We never see it.
- Cached signed entitlement. Boots immediately from a valid local cache, even during a RelayKey outage. 14-day grace before any operational stop.
- Customer-controlled upgrades. No auto-update. Pin a version in your env, pull on your cadence.
- Bring your own TLS. Caddy ships with the compose template and obtains Let's Encrypt certs automatically — or swap in your existing reverse proxy.
           ┌──────────────────────────────────────┐
           │  Your VPC                            │
agent ────▶│                                      │
           │  Caddy (TLS)                         │
           │   ├─▶ relaykey-web    :3000          │
           │   └─▶ relaykey-proxy  :8080          │
           │                                      │
           │  relaykey-license-refresh            │
           │   └─▶ /data/license-cache.json       │
           │                                      │
           │  Volume:                             │
           │    relaykey.db (SQLite)              │
           │    license-cache.json                │
           │    instance-id                       │
           └──────────────┬───────────────────────┘
                          │
                 license validate only
                 ~1KB POST, daily
                          ▼
           ┌──────────────────────────────────────┐
           │  app.relaykey.ai (license server)    │
           └──────────────────────────────────────┘
Parity
Everything you get on RelayKey Cloud.
Same dashboard, same audit log, same recipient profiles, same scoped credentials, same email-confirm 2FA on every new IP, same vendor catalog. The only operational difference: where the bytes live.
Ready to evaluate?
We send the docker-compose template, a temporary license token, and a 30-min setup call. From signed contract to first proxied request: typically same-day.
