Customer-Hosted SecureAuth Deployment Overview
This section provides an overview of deploying the SecureAuth IAM platform in customer-hosted environments—whether on-premises, in private data centers, or in self-managed public cloud infrastructure (e.g., AWS, Azure, GCP).
Learn about available deployment models, required dependencies, and how to configure SecureAuth for production readiness.
Deployment Options
SecureAuth is designed to be deployed on Kubernetes (K8s) using Helm Charts. We follow a GitOps approach, where infrastructure and configuration are version-controlled and centrally managed through Git.
To get started, visit our official reference repository:
âž¡ï¸ acp-on-k8s GitHub Repository
Warning
The example deployment in the repository is not production-ready by default.
Before going live, ensure your environment is hardened and production configured.
Deployment Modes
SecureAuth offers three deployment modes to support various use cases:
- Dev Mode – Quick start for evaluation or demo purposes
- Base Mode – Deploys SecureAuth and core dependencies in a high-availability architecture
- Full Mode – Adds observability components like tracing, logging, and metrics
Not sure which to choose?
Compare them here: Selecting the Right Deployment Mode
Core Dependencies
SecureAuth supports the following components as part of its customer-hosted deployment:
| Dependency | Requirement | Description |
|---|---|---|
| CockroachDB | Required | Stores user identities, client configurations, consent records, and more. |
| Redis Cluster | Required | Stores session data, access tokens, ID tokens, and other key-value pairs. |
| TimescaleDB | Optional | Stores audit logs and analytics using a time-series-optimized database. |
| SpiceDB | Optional | Enables fine-grained authorization (FGA) for applications integrated with SecureAuth. |
| Fission or Self-Managed FaaS |