Skip to main content

Managed Dedicated Instance

What I need

I'd like to simply use ZITADEL without having to take care of any operational tasks, yet keeping control over all its data.

CAOS bootstraps and maintains a new ZITADEL instance just for you. This includes its underlying infrastructure with Kubernetes on top of it as well as monitoring tools and an API gateway. Contact us at for purchasing ZITADEL Enterprise Cloud.


Depending on the infrastructure provider you choose, you need to ensure some prerequisites.

  • A JSON key for the infrastructure management to authenticate with a service account named orbiter-system assigned with the following roles
    • roles/compute.admin
    • roles/iap.tunnelResourceAccessor
    • roles/serviceusage.serviceUsageAdmin
    • roles/iam.serviceAccountUser
  • A JSON key for the backups storage to authenticate with a service account assigned with the role roles/storage.admin
    • roles/storage.admin
  • We need you to point four DNS subdomains to the CAOS-generated IP address.
  • For being able to send SMS, we need a Twilio sender name, SID and an auth token.
  • ZITADEL also needs to connect to an email relay of your choice. We need the SMTP host, user and app key as well as the ZITADEL emails sender address and name.

If you give us a Cloudflare user, an API key and a user service key, we can also manage the DNS entries, wildcard certificate and the IP whitelisting automatically using the Cloudflare API.

Metrics, logs and traces are collected and monitored by CAOS.