RelayKey
Get started
Self-hosted

Run RelayKey inside your VPC.

Same protected keys, disposable RelayKeys, audit logs, and key-holder profiles. Same dashboard. The proxy and database run in your environment. RelayKey's cloud is never in the request path for any vendor API call.

Contact sales →Book a setup call
What we see
The self-hosted instance contacts RelayKey only for license validation. That request includes license ID, app version, and instance ID. It never includes API traffic, vendor API keys, customer keys, audit logs, paths, request bodies, or response bodies.
Architecture

Local data plane. Connected license.

  • Single Docker image on private GHCR. Same artifact runs the dashboard, proxy, and license-refresh services in your docker-compose stack.
  • Encryption at rest with your key. Upstream API keys are encrypted with a 32-byte key you generate and own. We never see it.
  • Cached signed entitlement. Boots immediately from a valid local cache, even during a RelayKey outage. 14-day grace before any operational stop.
  • Customer-controlled upgrades. No auto-update. Pin a version in your env, pull on your cadence.
  • Bring your own TLS. Caddy ships with the compose template and obtains Let's Encrypt certs automatically, or swap in your existing reverse proxy.
             ┌──────────────────────────────────────┐
             │  Your VPC                            │
agent   ────▶│                                      │
             │   Caddy (TLS)                        │
             │    ├─▶ relaykey-web    :3000        │
             │    └─▶ relaykey-proxy  :8080        │
             │                                      │
             │   relaykey-license-refresh           │
             │    └─▶ /data/license-cache.json     │
             │                                      │
             │   Volume:                            │
             │    relaykey.db (SQLite)              │
             │    license-cache.json                │
             │    instance-id                       │
             └──────────────┬───────────────────────┘
                            │
                  license validate only
                  ~1KB POST, daily
                            ▼
             ┌──────────────────────────────────────┐
             │  app.relaykey.ai (license server)    │
             └──────────────────────────────────────┘
Parity

Everything you get on RelayKey Cloud.

Same dashboard, same audit log, same key-holder profiles, same disposable RelayKeys, same email-confirm 2FA on every new IP, same vendor catalog. The only operational difference: where the bytes live.

Ready to evaluate?

We send the docker-compose template, a temporary license token, and a 30-min setup call. From signed contract to first proxied request: typically same-day.

Contact salesBook a 30-min setup call →