Edgee On-Premise: The Gateway, Behind Your Firewall - Edgee Blog<br>Login
Edgee On-Premise: The Gateway, Behind Your Firewall<br>Julianne Hervier<br>Software Engineer
July 16, 2026Product
When processing highly sensitive data, such as financial transactions, clinical records, or government case files, maintaining full control over data residency is a core security requirement. For these organisations, all inference must occur within a trusted infrastructure.
Now, Edgee's AI Gateway is available as a fully on-premise deployment. You get the same advanced compress, route, and observe capabilities that power our cloud offering, but running entirely inside your own environment. This means you can connect to the latest AI models and manage traffic across providers, without ever relinquishing control over your data, provider keys, or observability.
Self-hosting is now a deployment choice, not a trade-off against the product.
What you get
A Docker Compose setup for a single VM, or a Helm chart for any Kubernetes 1.24+ cluster.
One container image, running non-root with a read-only root filesystem.
The same token compression, provider routing, and request-level observability as the hosted gateway: nothing stripped down for the on-prem path.
On-Premise is a distinct tier alongside Edgee's Shared Cloud and Dedicated Tenant hosting options. Deployment secrets are issued per-org through Console → Org settings → On-Premise, by an org admin.
Centralised config, without leaving your network
The default setup is connected mode. The gateway regularly syncs your organisation's configuration (model registry, routing rules, spend limits) from Edgee every 15 seconds and reports usage back, keeping your team dashboard live.
Prompts and provider keys never leave your infrastructure. The only outbound traffic is:
To your LLM provider (for prompt inference requests and responses)
To Edgee's control plane (for configuration sync and telemetry data, such as usage metrics and health checks)
No prompts, completions, or provider API keys are ever sent to Edgee. Your admins keep the same console they already use, just pointed at a gateway running on your infrastructure.
In fully air-gapped environments, where no outbound calls to Edgee are allowed, headless mode disables all syncing. Configuration is managed locally, with settings stored in a file on your infrastructure. No usage data is ever sent to Edgee, and the gateway communicates only within your network. For observability, you can route usage logs to your own internal OTLP endpoint, maintaining full visibility without sharing any data externally.
Control stays where it already is
Your own provider API keys (BYOK): Edgee never holds them.
Your own model allows list and per-team or per-user spend caps, authored locally.
Your own observability backend, if you'd rather route metrics there instead of the Edgee dashboard.
Your own secrets management: the Helm chart supports pulling license and signature keys from an existing Kubernetes secret, so nothing sensitive sits in a values file or in version control.
What this means for your team
Compliance and security leads get a straight answer to "where does our data go": nowhere it isn't already allowed to go. Prompts and provider keys stay on infrastructure you control.
Platform and infra owners get a gateway that installs like anything else in the stack: helm upgrade --install or docker compose up, versioned releases, no surprise upgrades.
If you're evaluating on-premises, learn more on the Edgee On-Premise page.
BlogOlder post
Contact us<br>Would you like to find out more about Edgee, test our services or our upcoming features? We’d love to hear from you. Please fill in the form below and we’ll be in touch.<br>First name<br>Last name<br>Email<br>Company<br>Message<br>Send message