CasePack

Self-host CasePack on your stack.

Docker Compose or Kubernetes. Keep evidence in your control. S3-compatible object storage. Keycloak SSO. Built for MSP multi-tenancy.

Get Self-Host GuideBook demo
Prereqs + sizing
TLS/DNS required • Postgres bundled or external
Starter

2 vCPU • 4-8 GB RAM • 50 GB storage

MSP Pro

4-8 vCPU • 16-32 GB RAM • 200 GB+ storage

Requires S3-compatible object storage for evidence artifacts and exportsOIDC IdP (Keycloak or equivalent)

Deployment Stack

  • Docker Compose
  • Kubernetes (MicroK8s ok)
  • Postgres + S3-compatible object storage
  • Keycloak SSO

Get the Self-Host Guide

Includes compose, K8s notes, security checklist.

Architecture Overview

A clean, containerized architecture you can deploy anywhere.

Browser
MSP users
CasePack Web
UI (React)
CasePack API
Spring Boot
Postgres
Database
Object Storage
S3-compatible
Keycloak
OIDC

Users access the CasePack Web UI, which communicates with the Spring Boot API. Authentication flows through Keycloak (OIDC). Incident data is stored in Postgres, while evidence artifacts (logs, screenshots, exports) go to S3-compatible object storage. All components run as containers in Docker Compose or Kubernetes.

Security Model

Built for MSP multi-tenancy with security controls that support audit-ready documentation.

Tenant isolation

Tenant isolation enforced server-side on every query. No cross-tenant data leakage.

Evidence integrity

Immutable evidence objects with audit log entries and export integrity checks.

SSO via Keycloak

OIDC-based authentication with Keycloak or your existing IdP.

Least-privilege storage

Scoped S3-compatible storage credentials per tenant. No blanket access to all buckets.

Audit log export

Full activity logs exportable for compliance reviews and incident timelines.

HTTPS everywhere

TLS everywhere with ingress-ready termination. No plaintext traffic in production.

Deployment Options

Start with Docker Compose, scale to Kubernetes when ready.

Docker Compose

Single node

Best for: Fast start, VPS, small teams
  • All-in-one compose file
  • Postgres + S3-compatible object storage + Keycloak
  • API + Web bundled
  • Easy upgrades

Kubernetes

HA-ready

Best for: Scale later, production HA
  • Helm chart available
  • MicroK8s, k3s compatible
  • Horizontal scaling
  • Ingress + TLS ready
Quick Start
Docker Compose
# Clone the repo
git clone https://github.com/casepack/self-host
cd self-host

# Configure environment
cp .env.example .env
# Edit .env with your settings

# Start all services
docker compose up -d

What you get when deployed

  • Multi-tenant MSP workspaces
  • Evidence exports (PDF/ZIP) with audit log
  • Webhook/PSA incident intake
  • Role-based tasks and approvals
  • Client-ready outputs in minutes
  • Secure evidence storage in S3-compatible object storage

Licensing

Simple subscription licensing for self-hosted deployments.

Signed License Token

Self-host subscriptions use a signed license token that encodes plan limits (single team vs multi-tenant), feature set, and tenant capacity.

Renewals and updates happen through a lightweight token refresh when you are ready.

Offline-capable

No mandatory phone-home. Works in air-gapped environments.

Optional updates

Connect for automatic updates and license renewals when convenient.

Integrations Roadmap

Start PSA-first. SIEM/EDR connectors come later.

IntegrationStatus
PSA (webhook / email ingest)Available
SIEM ingestRoadmap
Evidence PortalComing soon

Start with PSA webhooks for incident intake. SIEM ingestion and the Evidence Portal are on the roadmap for future releases.

Self-host FAQ

Quick answers for deployment and operations.

Want the guide + early access pricing?

Get the self-host guide and join our early access program.

Or book a demo instead