Deployment
Production deployment options for your Sekuire agents.
Deployment Options
| Option | Best For | Infrastructure |
|---|---|---|
| sekuire run | Development, quick testing | Local |
| Docker | Single-node production | Any Docker host |
| Helm/BYOC | Kubernetes clusters | Your K8s cluster |
| Managed | Zero-ops | Sekuire Cloud |
Local Development
Use sekuire run for local testing with full bootstrap:
Terminalbash
sekuire run --cmd "npm start"This handles:
- Workspace registration
- Install token creation
- Heartbeat loop
- Agent process management
Docker Deployment
Use sekuire docker-init to generate production-ready Docker configuration:
Terminalbash
sekuire docker-init --ciThis generates Dockerfile, docker-compose files, and optionally GitHub Actions CI pipeline. See sekuire docker-init for all options.
Build & Push to OCI Registry
Terminalbash
# Login to Sekuire OCI registry
sekuire registry login
# Build image
docker build -t registry.sekuire.com/my-org/my-agent:v1.0.0 .
# Push (includes vulnerability scanning and signing)
sekuire registry push registry.sekuire.com/my-org/my-agent:v1.0.0Run with Beacon
Terminalbash
docker run -d \
-p 8000:8000 \
-e OPENAI_API_KEY=$OPENAI_API_KEY \
-e SEKUIRE_WORKSPACE_ID=ws_abc123 \
-e SEKUIRE_INSTALL_TOKEN=$INSTALL_TOKEN \
registry.sekuire.com/my-org/my-agent:v1.0.0The agent will automatically register with the Sekuire backend and start sending heartbeats.
Beacon Registration
For production deployments, agents should register with the Sekuire backend to enable:
- Fleet visibility in the dashboard
- Kill switch functionality
- Heartbeat monitoring and alerts
Learn more about Beacon or see the Beacon SDK for programmatic control.
Kubernetes (BYOC)
Generate a Helm chart for your cluster:
Terminalbash
sekuire install bundle \
--workspace ws_abc123 \
--image myrepo/my-agent:v1.0.0 \
--output deploy/helmDeploy with Helm
Terminalbash
cd deploy/helm/my-agent-helm
# Review values.yaml
# - Set secrets (API keys)
# - Configure replicas
# - Set resource limits
helm install my-agent . -n my-namespaceGenerated Files
deploy/helm/my-agent-helm/text
deploy/helm/my-agent-helm/
├── Chart.yaml
├── values.yaml # Configure here
├── README.md
└── templates/
├── deployment.yaml
├── service.yaml
├── configmap.yaml
└── secret.yamlManaged Deployment
Let Sekuire host your agent (zero infrastructure management):
Terminalbash
sekuire install agent \
--workspace ws_abc123 \
--agent $(sekuire hash) \
--deployment-type managedRequirements:
- Agent pushed to registry (
sekuire push) - Workspace with managed deployment enabled
Environment Variables
| Variable | Description |
|---|---|
SEKUIRE_WORKSPACE_ID | Target workspace |
SEKUIRE_AGENT_ID | Agent Sekuire ID |
SEKUIRE_INSTALL_TOKEN | Bootstrap token |
SEKUIRE_BACKEND_URL | API endpoint |
💡Use
sekuire install token to pre-generate tokens for CI/CD pipelines.Next Steps
- Install Commands — Token, bundle, agent
- CLI Run — Local development
- Policies — Compliance requirements