Licensing¶
Overview¶
Sentari is distributed as a Docker image (ghcr.io/sentari-dev/sentari/server).
Without a valid license key the server still starts and serves the
login page, the Settings → License page, health/readiness probes, and
read-only paths, so an operator can paste a recovery key from the UI — but
data ingestion and write operations are gated (HTTP 402) until a valid
license is active.
License keys are issued by Sentari and tied to a customer record on license.sentari.dev. Contact your Sentari representative to obtain a license.
How it works¶
- Customer requests a license from their Sentari representative.
- Sentari issues a license key and emails it to the customer.
- Customer deploys Sentari with
SENTARI_LICENSE_KEY=...(env var) or pastes the key in the dashboard's Settings → License page. - The server contacts the license server, which returns an Ed25519-signed token. The server caches it and begins serving traffic.
License fields¶
| Field | Description |
|---|---|
| Customer name / email | For record-keeping |
| Tier | enterprise, community, or as specified in your contract |
| Expires at | Calendar date when the license stops being valid |
| Max devices | Hard cap on enrolled devices (null = unlimited) |
| Max packages | Hard cap on packages tracked across all devices |
| Grace period days | When the local expires_at passes, how many days of grace mode before going read-only |
| Read-only period days | When grace expires, how many days of read-only before lockout |
| Max offline days | How long your Sentari server may operate disconnected from license.sentari.dev before hard-failing |
The max_offline_days claim¶
This is the core enforcement of the air-gap-tier policy.
- Default: 1. The server tolerates short outages (license server reboot, outbound proxy hiccups) but otherwise expects regular phone-home.
- Up to 365. Issued only to customers who have purchased the air-gap tier and signed the appropriate contract addendum.
The value is part of the cryptographically signed token issued at phone-home time. You cannot extend it locally — modifying the database column would invalidate the signature and trigger the hard-fail middleware.
Tamper detection¶
The Sentari server writes LICENSE_TAMPER_DETECTED audit events when database
columns diverge from the signed claims. If you observe license warnings in your
audit log that you did not expect, contact your Sentari representative before
making any configuration changes.
License validation and air-gap deployments¶
Sentari performs periodic license validation against license.sentari.dev. In
air-gapped or restrictive network environments, allow outbound HTTPS (port 443)
to license.sentari.dev from the API server. If a proxy is required, configure
it via SENTARI_HTTPS_PROXY.
For deployments with a max_offline_days value greater than 1, the server
operates without network access to the license server for that number of days.
Plan ahead: if your air-gap tier allows 365 offline days, arrange license renewal
before expiry — the signed token cannot be extended locally after it lapses.
Renewing or upgrading your license¶
Contact your Sentari representative before your license expiry date. They will
issue a new key. Update it in the dashboard under Settings → License or
by setting the SENTARI_LICENSE_KEY environment variable and restarting the
API service — no data migration is required.