Self-hosted deployments


Sifflet can be deployed on your own infrastructure. This is called a "self-hosted deployment" (also referred as "in-VPC", "self-managed" or "on-premise").

We only recommend this solution for customers with strict compliance requirements, as it puts the burden of installation and maintenance on your organisation.

With this deployment type, all data resides inside your own infrastructure. Unlike some other solutions, self-hosted installations operate without exchanging any data with Sifflet, and don't even require Internet access (this is not a "hybrid" model).

You can optionally send logs from these installations to Sifflet to help Sifflet investigate issues with your deployment. You have full access to the contents of these logs and can turn them off at any moment.

A Sifflet installation complies with security requirements from most organisations. For instance, Sifflet always keeps the provided software up-to-date so it doesn't trigger vulnerability alerts from security scanners, container images can be run with arbitrary user IDs, and so on.

Supported environments

With a self-hosted deployment, the customer is responsible for managing the infrastructure that runs the Sifflet instance. The customer must provide a Kubernetes cluster, a database, and a secrets manager.

A Sifflet instance can be deployed to all the major cloud providers (AWS, GCP, Azure), as well as most Kubernetes clusters (such as OpenShift clusters running on-premise).

Sifflet can be deployed in environments without any Internet access.

Detailed documentation

Sifflet can share detailed documentation about how to install and maintain a self-hosted Sifflet instance under NDA (non-disclosure agreement).