Deploy VaultKit — a runtime governance layer for AI agents and production data.
Full documentation: docs.vaultkit.io/deployment
docker-compose.yml— wires all services together.env.example— configuration templatescripts/install.sh— generates keys and secretssecrets/— signing keys generated at install time
VaultKit runs four containers:
- Control Plane — Governs every data request: authentication, policy evaluation, approvals, and audit logging
- FUNL Runtime — Data plane and execution engine: translates queries into native SQL, applies field-level masking, and executes against your datasources
- Console — React web UI served via nginx
- Postgres — Metadata and application state
- Docker 24+
- Docker Compose v2
- A Linux host (VM, EC2, bare metal)
- A domain name
git clone https://github.com/vaultkit-inc/deploy.git
cd deploy./scripts/install.shGenerates signing keys and creates your .env from .env.example.
Edit .env and set:
APP_HOST— your public domain e.g.https://vaultkit.yourdomain.comFRONTEND_BASE_URL— usually same asAPP_HOSTPOSTGRES_PASSWORD— choose a strong password
docker compose up -ddocker compose psAll containers should be running. Visit your domain to access the VaultKit console.
Single-Domain (recommended for design partners) One domain serves both frontend and backend. No external reverse proxy required.
Multi-Domain (advanced) Separate domains for frontend and backend. For larger organizations with existing infrastructure standards.
See the full deployment guide for details.
After deployment:
- Create your first organization
- Configure OIDC provider
- Generate agent tokens
- Register data sources
- Apply your first policy bundle
- Documentation: docs.vaultkit.io
- Email: founders@vaultkit.io
- Logs:
docker compose logs
VaultKit is designed to deploy cleanly, predictably, and without surprises. If something feels harder than it should be, that's a signal — and we want to hear about it.