Skip to main content
SINT is designed for self-hosting. Typical deployments run the gateway, Postgres, Redis, and Console behind a reverse proxy.

Deployment shapes

Single-node dev

Docker Compose on your laptop. Gateway + in-memory ledger + Console. 5-minute setup.

Single-node prod

Docker Compose on a small VM. Postgres + Redis + gateway + Console. Suitable for small teams and pilots.

Multi-node prod

Kubernetes. Horizontally scaled gateways behind a load balancer, external Postgres, external Redis. Production SLA.

Managed (soon)

SINT Labs runs the stack for you. Subscription. Contact [email protected].

Docker Compose (prod)

Railway

Railway is the fastest path to a hosted deployment.
1

Fork the repo

Fork sint-ai/sint-protocol to your GitHub account.
2

Create a Railway project

Connect your fork. Railway detects the railway.json and provisions gateway + Postgres + Redis.
3

Set environment variables

SINT_GATEWAY_KEY, POSTGRES_PASSWORD, REDIS_PASSWORD.
4

Deploy

Railway builds from the monorepo root. Takes ~4 minutes for a cold deploy.

Kubernetes

Helm charts live in deploy/helm/. Install:

Key generation

Before first deploy, generate the gateway’s signing key:
Store this key securely. If it’s lost, every token issued by the gateway becomes unverifiable. Rotate only through the documented key-rotation procedure (see docs/operations/key-rotation.md in the repo).

TEE attestation (production)

For production deployments on Intel SGX, AMD SEV-SNP, or AWS Nitro Enclaves, enable TEE-signed ledger writes:
See docs/operations/tee-setup.md for provider-specific configuration.

Monitoring

Gateway exposes Prometheus metrics at /v1/metrics. Recommended alerts: Grafana dashboard JSON in deploy/grafana/.

Backup

Evidence ledger entries are append-only and hash-chained. Recommended backup:
  • Postgres: daily logical backup, 30-day retention
  • Ledger export: hourly incremental export of new events to S3 with object-lock
  • Key material: encrypted backup of SINT_GATEWAY_KEY in a hardware vault
Because the ledger is hash-chained, backup integrity is self-verifying. Restore runs chain_verify before accepting the restored state.

Upgrade

In-place upgrades are supported within the same major version. See CHANGELOG.md and docs/operations/upgrade-guide.md for version-specific steps.

Managed deployment

If you’d prefer not to operate the stack yourself, SINT Labs offers managed deployment via Studio. We operate the gateway, maintain key material, handle compliance attestation, and integrate with your existing observability.