AEGIS
Sign in Start free

Docs · Self-host

Self-host AEGIS.

The hosted SaaS at aegis.dev is one way to run AEGIS. The other is to run the exact same gateway in your own infrastructure. Same code, same features, no quota.

Source: github.com/Justin0504/Aegis — MIT licensed.

1. Desktop bundle (easiest)

A single installer — macOS .dmg, Windows .msi, Linux .deb — that embeds the gateway + cockpit + portable Node runtime + every tool sidecar. Double-click, done.

Download page

2. Docker Compose (single host)

For servers, VPCs, or homelab. One YAML, gateway + cockpit + optional Postgres + optional Redis. 

git clone https://github.com/Justin0504/Aegis
cd Aegis
docker compose -f docker/compose.yml up -d

# gateway:  http://localhost:8080
# cockpit:  http://localhost:13003

Configuration knobs:

  • DATABASE_URL=postgres://... — switch from default SQLite to Postgres.
  • OTEL_EXPORTER_OTLP_ENDPOINT=https://... — emit OTLP traces to Datadog / Honeycomb / Tempo.
  • STRIPE_WEBHOOK_SECRET=... — if you're operating a paid SaaS on top.
  • AEGIS_API_KEY=... — bootstrap key; the cockpit lets you rotate it.

3. Kubernetes (multi-replica)

For Pro / Team / Enterprise scale. The gateway is stateless; state lives in Postgres + S3 (transparency log archive). 

helm repo add aegis https://github.com/Justin0504/Aegis/releases/download/v0.1.0/helm
helm install aegis aegis/aegis \
  --set image.tag=v0.1.0 \
  --set postgres.url=postgresql://aegis:...@postgres:5432/aegis \
  --set replicas=3

Helm chart is in deploy/helm/ in the repo. BYOC and on-prem deployments get a tailored chart via sales@aegis.dev.

4. Bare metal / systemd

sudo useradd -m aegis
sudo -u aegis git clone https://github.com/Justin0504/Aegis /opt/aegis
cd /opt/aegis && sudo -u aegis npm install --omit=dev
sudo -u aegis npm run build

# /etc/systemd/system/aegis.service
sudo systemctl enable --now aegis.service

A reference unit file ships at deploy/systemd/aegis.service in the repo.

What you give up vs hosted SaaS

  • You operate the gateway — patching, scaling, backups.
  • No SOC 2 attestation (yours to obtain if you need one).
  • No SLA from us — your infrastructure, your uptime.

What you keep

  • Every feature: detector chain, transparency log, policy DSL, witness, SCIM / SAML / OIDC, Stripe-aware billing scaffold.
  • Full source visibility — fork it, change it, ship it.
  • Zero data egress — traces never leave your perimeter.

Next