Your IAM, Inside Your Cloud

Keymate can be deployed directly into your organization's Virtual Private Cloud (VPC) or private cloud environment—ensuring complete network isolation, data control, and compliance with internal and regulatory policies.

Dedicated IAM Deployments, Fully Isolated Within Your Own Cloud Network

IAM Within Your Perimeter, Not Ours

Keymate runs as a dedicated, self-contained IAM stack within your own VPC or private cloud, without shared resources or control planes:

All services deployed inside your network perimeter (no shared tenancy)
Compatible with private EKS, AKS, GKE clusters and OpenShift
Ingress via internal or public load balancers with IP or VPN restrictions
Fully integrates with internal GitOps pipelines, Vault, and DNS
No outbound traffic required—telemetry and audit stay inside
Flexible deployment across Dev/Test/Prod environments

VPC deployments are ideal for:

Regulated environments (gov, finance, healthcare)
Organizations with existing cloud-native architecture
Customers with strict zero-trust or data residency requirements

Private Cloud / VPC Deployment

Self-contained IAM stack deployed within your VPC or private cloud environment with complete network isolation, internal resource integration, and zero external dependencies.

Example: Dedicated IAM deployments, fully isolated within your own cloud network

Key Components:

Single-Tenant Isolation
Cloud-Agnostic Compatibility
Internal Network Integration
Zero External Dependencies
Multi-Environment Support

What Makes It Unique

Single-Tenant Isolation

All components run within your VPC—no shared resources

Cloud-Agnostic Compatibility

Works on AWS (EKS), Azure (AKS), GCP (GKE), OpenShift, or Rancher

Custom Network & DNS Integration

Use your own internal DNS, IP blocks, and load balancers

No External Calls Required

No call-home, telemetry, or licensing server dependencies

Secret & Config Integration

Supports AWS Secrets Manager, Azure Key Vault, GCP Secret Manager

Monitoring & Audit On-Premises

OpenTelemetry + SigNoz deployment stays within your network

Multi-Environment Separation

Clear Dev/Test/Prod separation with namespace or cluster isolation

CI/CD and GitOps Alignment

Compatible with ArgoCD, GitLab, Jenkins pipelines hosted privately

Frequently Asked Questions

Yes. VPC deployment allows internal networking and cloud resources, but no external internet calls unless explicitly allowed. Air-gapped is fully disconnected.
Yes. Our upcoming managed service offering (Q4 2025) includes VPC-hosted SaaS with SLA guarantees and control delegation.
Absolutely. All manifests and pipelines are compatible with ArgoCD, GitLab, and GitHub Enterprise deployed inside your cloud.
Fully supported via configuration overrides in Helm charts.
Yes. You control the entire observability pipeline—nothing leaves your VPC.

How to Use This Feature

Follow these steps to deploy Keymate within your VPC or private cloud environment.

Implementation Steps

1. Prepare your Kubernetes cluster inside the VPC (EKS, AKS, GKE, etc.)
2. Mirror Keymate Helm charts and container images to your private registry
3. Apply environment-specific values.yaml configs
4. Use GitOps tools like ArgoCD or manual Helm deployments
5. Monitor system health via your own SigNoz and OpenTelemetry stack
6. Restrict access via VPN, internal DNS, and IP whitelisting
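
A pre-deployment check for steps 2 to 4, added here as an example and not part of Keymate's own tooling: it reads rendered manifests and fails if any container image would still be pulled from outside the private registry. The registry hostname, the function names and the sample manifest are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Keymate tooling). Reads rendered Kubernetes manifests on
# stdin and reports container images that would be pulled from outside the
# private registry. The hostname below is an assumed placeholder.
ALLOWED_REGISTRY="${ALLOWED_REGISTRY:-registry.internal.example}"

# Print each image reference that does not start with "$ALLOWED_REGISTRY/".
# Bare names such as "busybox:1.36" resolve to Docker Hub, so they are flagged.
external_images() {
  awk -v reg="$ALLOWED_REGISTRY" -v sq="'" '
    /^[ \t]*(-[ \t]+)?image:/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", ref)  # keep only the value
      sub(/[ \t]+#.*$/, "", ref)                     # drop trailing comment
      sub(/[ \t\r]+$/, "", ref)                      # drop trailing whitespace
      gsub(/"/, "", ref); gsub(sq, "", ref)          # drop YAML quoting
      if (ref != "" && index(ref, reg "/") != 1) print ref
    }'
}

# Exit status 0 only when every image comes from the private registry.
check_manifest() {
  bad=$(external_images)
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad" | sed 's/^/image outside private registry: /' >&2
  return 1
}

# Constructed sample of rendered output, for trying the check offline.
sample_manifest() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iam-server
spec:
  template:
    spec:
      initContainers:
        - name: migrate
          image: "quay.io/example/db-migrate:1.4"
      containers:
        - name: server
          image: registry.internal.example/iam/server:1.0.0
          imagePullPolicy: IfNotPresent
        - image: busybox:1.36   # sidecar left on Docker Hub
          name: debug
EOF
}
# Typical use: helm template <release> <chart> -f values.yaml | check_manifest
```

Run as a pipeline gate before the GitOps sync, a non-zero exit stops a release that would need outbound registry access from inside the VPC.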

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.