Deployment Options
Choose the deployment method that fits your infrastructure and team.
Decision Guide
| Factor | Docker | Heroku | Kubernetes | Bare Metal |
|---|---|---|---|---|
| Setup time | Minutes | Minutes | Hours | Hours |
| Ops overhead | Low | Minimal | Medium | High |
| Scaling | Manual | Auto | Auto | Manual |
| SSL/TLS | Reverse proxy | Built-in | Ingress | Manual |
| Cost | Infrastructure | Platform fee | Infrastructure | Infrastructure |
| Best for | Small teams, on-prem | Quick start, prototyping | Large orgs, multi-tenant | Full control, air-gapped |
Quick Recommendations
Just trying Vulcan? Start with Docker — single command to run.
Production for a small team? Docker with a reverse proxy (nginx/traefik) for SSL.
Managed platform? Heroku handles infrastructure, SSL, and backups.
Enterprise / multi-tenant? Kubernetes with Helm chart for scaling and isolation.
Air-gapped / classified network? Bare Metal for full control without container dependencies.
Common Requirements (All Deployments)
Every production deployment needs:
- Secrets —
SECRET_KEY_BASE,CIPHER_PASSWORD,CIPHER_SALT(generate withopenssl rand -hex 64) - PostgreSQL 18 — dedicated database with secure password
- Authentication — at least one provider (OIDC recommended, LDAP, or local login)
- SSL/TLS — HTTPS for all production traffic
See Configuration for the full "What You Must Provide" checklist.
Authentication Setup
All deployment methods support the same authentication providers:
- OIDC/Okta — recommended for production (Okta, Azure AD, Keycloak, Auth0)
- LDAP — Active Directory / OpenLDAP integration
- GitHub OAuth — lightweight OAuth for development teams
- Local login — email/password (enabled by default, disable for production)