Self Service Licensing & Credentials

Learn how to deploy Deepgram On Premises using self service. Deepgram’s self-serve on-premises solution is available through both the Deepgram Console and the Deepgram API.

Self Service On-Premises gives you the ability to self-manage your on-prem API keys and container image distribution credentials. Previously, on-prem customers had to go through Deepgram Support to have on-prem API keys and distribution credentials made. Now, on-premises customers can create on-prem API keys and distribution credentials through the Deepgram API or directly through the Deepgram console.

This new feature offers flexibility and control over your Deepgram on-premises deployments using Deepgram Console and Quay. For example, you now have the flexibility to rotate and expire your on-prem keys and credentials according to your access control policies.

This guide focuses on using Deepgram Console. If you would like to use the Deepgram API, see our API documentation on creating API keys and creating distribution credentials.

Verifying Access to On-Prem Products

This guide only applies to Console projects which have been granted access to self service on-prem products. If you have access, your Console menu should have an "On-prem" tab, as shown below.

On-prem products access

If you do not have this tab in Console, your project has either:

  1. Never received access to on-prem products
    1. To take advantage of our on-prem product offering, you will need to enroll in a Deepgram Enterprise Plan. If you're interested, please contact us!
  2. Received access to managed on-prem products, but has not yet been granted access to self-service on-prem products
    1. Please contact your Deepgram Account Representative to enable access.

With that out of the way, we can begin!

Create an On-prem API Key

📘

The API Key created in this section is referred to as an on-prem API key, with the placeholder DEEPGRAM_API_KEY, throughout our documentation.

  1. Login to Console on a web browser using your Deepgram account.
  2. Using the menu on the left, click on the "API Keys" tab, then click "Create a New API Key" to open the key creation pop-up.
Create an API Key button
  1. Provide a name for your key and set your key's role permission level. If you are unsure which role permission to use, select Member. Choose an expiration value and click "Create Key".
Create key pop-up Create key pop-up expiration section

📘

Role permissions are hierarchical. API Keys with Owner permissions can be used to create other API keys with Owner, Admin, or Member permissions via the Console API, whereas Admin API keys can only create other API keys with Admin and Member permissions.

For more information about role permissions in Console, refer to the Roles documentation.

  1. Your new secret API key is shown to you. It is a 40 character alphanumeric string. Please copy this secret and save it somewhere safe. For security reasons, we can't show the secret to you again. You can always create a new key if you lose your old secret. Click the box acknowledging you can't access the secret again, then click "Got it".
API Key secret display
  1. The pop-up will be dismissed and you will be back on the "API Keys" page. You should see your new on-prem API key and the on-prem products which are licensed to that key.
On-prem API key with licensed products

📘

Depending on your on-prem agreement with Deepgram, you may have access to different products. All on-prem customers have access to API and Engine. For access to License Proxy, Metrics, Billing, DGTools, and more, please contact Support.

Create a Set of Container Image Distribution Credentials

Previously, Deepgram used DockerHub (instead of Quay) as our container image repository. There is almost no difference in how you use Docker with either of these repositories - the only difference is the docker login command as documented in step 3.

🚧

Distribution credentials are not the same as on-prem API keys. In our documentation, when we refer to an on-prem API key (DEEPGRAM_API_KEY), this is referring to the key made in the previous section.

Distribution credentials are used only for access in pulling Deepgram product images onto your deployment environment, and will never be referred to as an "API key".

  1. Deepgram is currently using Quay to distribute container images. Back on the Console page, use the menu on the left and click on the "On-prem" tab, then click "Create new distribution credentials".
  1. Provide a name for your distribution credentials and click "Create Credentials".
Create Distribution Credentials pop-up
  1. Your new distribution credentials are shown to you. They are the following values:

    1. username which looks like deepgram+6ba7b810-9dad-11d1-80b4-00c04fd430c8.

    2. secret which looks like R2CTHDZ27R360V8H5LOWGBQ871HE9RP5YGWZA9JXWM3V98ST4VE3NYX72BK86Z7J.

    3. An example shell command that contains a docker login quay.io command that passes in the username:

      docker login quay.io --username deepgram+6ba7b810-9dad-11d1-80b4-00c04fd430c8
      
  2. You can use the secret from your on-prem distribution credentials as your password for the docker login quay.io command. Again, take note of the secret that is returned, as it can't be accessed again. Once you've copied it, check the box affirming you understand this and click "Got it".

Distribution credentials limited secret access
  1. The pop-up will be dismissed and you will be back on the "On-prem" page. You should see your new on-prem distribution credentials and the on-prem products which can be accessed with those credentials.
Distribution credentials table view

Migration for Existing Users

If you are deploying Deepgram to your environment for the first time, you may skip this section and proceed to the next guide, linked at the bottom of the page.

If have already deployed Deepgram services in your environment, you will need to configure your existing deployment to use your newly generated credentials.

  1. Upgrade your Deepgram product images to the most recent release. Login to quay.io using the newly generated credentials from Create a Set of Container Image Distribution Credentials. Then, follow the instructions here to pull the latest Deepgram images. Make sure to edit your docker-compose.yml file (or other orchestration platform files) to use the new version you just pulled.
  2. Replace your legacy static license with your newly generated on-prem API key, generated in Create an On-Prem API Key.
    1. Edit any custom api.toml and engine.toml configuration files. Replace the value at [license.key] with the DEEPGRAM_API_KEY value.
    2. If needed, edit the docker-compose.yml file (or other orchestration platform files) to replace the key used by the License Proxy or other add-on products. Replace the value at --license-key with the DEEPGRAM_API_KEY value.

Summary

This tutorial guided you through the process of setting up and managing Deepgram's On-Prem self-service, from API key creation to verifying your system for ASR requests. By following these steps, you've successfully learned how to independently manage your Deepgram on-prem API keys, as well as your distribution credentials for accessing Deepgram's Docker registry at Quay.


What’s Next

Whether you are spinning up a new deployment environment, or modifying an existing environment to use your new self-service credentials, the next step is to deploy Deepgram services on your local machine.