Self-Hosting
Overview
When to self-host Avnology ID, comparison with managed, and licensing.
Overview
Self-hosted vs managed
Avnology ID is designed to run two ways:
| Concern | Managed (id.avnology.net) | Self-hosted |
|---|---|---|
| Who runs Postgres / Valkey? | Avnology | You |
| Auto-scaling + patches | Included | Your ops team |
| Compliance evidence | SOC 2 Type II, shared | Yours to prove |
| SLA | 99.95% | Yours to set |
| Data residency | US-East, EU-West | Anywhere you deploy |
| Custom IdP integrations / plugins | Standard | Yes (fork-friendly) |
| Support | Email / Slack | Community + paid tier |
Choose self-hosted when
- You need data residency in a region we don't yet host.
- Your regulator (banking, defense, healthcare in certain jurisdictions) requires air-gapped / on-prem.
- You want a fork to add internal plugins.
- You have an existing DBA + SRE team and prefer the control.
Choose managed when
- You want to ship faster than you can set up Postgres HA + cert automation.
- You don't have 24/7 on-call.
- You're pre-Series-A and optimizing for speed-to-market.
The API surface is identical. You can migrate managed -> self-hosted or vice versa with avnology migrate and pg_dump -- see backup-and-migrations.
Licensing
Avnology ID itself is source-available:
- Proto + SDKs + CLI + id-elements + design-system + login-widget: MIT.
- Gateway + web + docs apps: Elastic License 2.0 -- you may run internally for your own employees, you may not resell as a hosted service.
- Ory stack (Kratos, Hydra, Keto, Oathkeeper): Apache 2.0.
- Polis: Apache 2.0.
See LICENSE for the full text.
What's not supported on self-hosted (yet)
- Helm chart -- tracked for post-v1.0. Docker Compose is the only supported deployment today.
- Cross-region active-active -- Postgres is a single primary. Managed customers get this via our own infra.
- Managed backup automation -- see Backup & migrations for DIY.