Self Service On-Premises gives you the ability to self-manage your on-prem API keys and container image distribution credentials. Previously, on-prem customers had to go through Deepgram Support to have on-prem API keys and distribution credentials made. Now, on-premises customers can create on-prem API keys and distribution credentials through the Deepgram API or directly through the Deepgram console.
This new feature offers flexibility and control over your Deepgram on-premises deployments using Deepgram Console and Quay. For example, you now have the flexibility to rotate and expire your on-prem keys and credentials according to your access control policies.
This guide only applies to Console projects which have been granted access to self service on-prem products. If you have access, your Console menu should have an "On-prem" tab, as shown below.
If you do not have this tab in Console, your project has either:
- Never received access to on-prem products
- Received access to managed on-prem products, but has not yet been granted access to self-service on-prem products
- Please contact your Deepgram Account Representative to enable access.
With that out of the way, we can begin!
The API Key created in this section is referred to as an on-prem API key, with the placeholder
DEEPGRAM_API_KEY, throughout our documentation.
- Login to Console on a web browser using your Deepgram account.
- Using the menu on the left, click on the "API Keys" tab, then click "Create a New API Key" to open the key creation pop-up.
- Provide a name for your key and set your key's role permission level. If you are unsure which role permission to use, select
Member. Choose an expiration value and click "Create Key".
Role permissions are hierarchical. API Keys with
Ownerpermissions can be used to create other API keys with
Memberpermissions via the Console API, whereas
AdminAPI keys can only create other API keys with
For more information about role permissions in Console, refer to the Roles documentation.
- Your new secret API key is shown to you. It is a 40 character alphanumeric string. Please copy this secret and save it somewhere safe. For security reasons, we can't show the secret to you again. You can always create a new key if you lose your old secret. Click the box acknowledging you can't access the secret again, then click "Got it".
- The pop-up will be dismissed and you will be back on the "API Keys" page. You should see your new on-prem API key and the on-prem products which are licensed to that key.
Depending on your on-prem agreement with Deepgram, you may have access to different products. All on-prem customers have access to API and Engine. For access to License Proxy, Metrics, Billing, DGTools, and more, please contact Support.
Previously, Deepgram used DockerHub (instead of Quay) as our container image repository. There is almost no difference in how you use Docker with either of these repositories - the only difference is the
docker login command as documented in step 3.
Distribution credentials are not the same as on-prem API keys. In our documentation, when we refer to an on-prem API key (
DEEPGRAM_API_KEY), this is referring to the key made in the previous section.
Distribution credentials are used only for access in pulling Deepgram product images onto your deployment environment, and will never be referred to as an "API key".
- Deepgram is currently using Quay to distribute container images. Back on the Console page, use the menu on the left and click on the "On-prem" tab, then click "Create new distribution credentials".
- Provide a name for your distribution credentials and click "Create Credentials".
Your new distribution credentials are shown to you. They are the following values:
usernamewhich looks like
secretwhich looks like
shell commandthat contains a
docker login quay.iocommand that passes in the
docker login quay.io --username deepgram+6ba7b810-9dad-11d1-80b4-00c04fd430c8
You can use the
secretfrom your on-prem distribution credentials as your password for the
docker login quay.iocommand. Again, take note of the secret that is returned, as it can't be accessed again. Once you've copied it, check the box affirming you understand this and click "Got it".
- The pop-up will be dismissed and you will be back on the "On-prem" page. You should see your new on-prem distribution credentials and the on-prem products which can be accessed with those credentials.
If you are deploying Deepgram to your environment for the first time, you may skip this section and proceed to the next guide, linked at the bottom of the page.
If have already deployed Deepgram services in your environment, you will need to configure your existing deployment to use your newly generated credentials.
- Upgrade your Deepgram product images to the most recent release. Login to quay.io using the newly generated credentials from Create a Set of Container Image Distribution Credentials. Then, follow the instructions here to pull the latest Deepgram images. Make sure to edit your
docker-compose.ymlfile (or other orchestration platform files) to use the new version you just pulled.
- Replace your legacy static license with your newly generated on-prem API key, generated in Create an On-Prem API Key.
- Edit any custom
engine.tomlconfiguration files. Replace the value at
- If needed, edit the
docker-compose.ymlfile (or other orchestration platform files) to replace the key used by the License Proxy or other add-on products. Replace the value at
- Edit any custom
This tutorial guided you through the process of setting up and managing Deepgram's On-Prem self-service, from API key creation to verifying your system for ASR requests. By following these steps, you've successfully learned how to independently manage your Deepgram on-prem API keys, as well as your distribution credentials for accessing Deepgram's Docker registry at Quay.
Updated 13 days ago
Whether you are spinning up a new deployment environment, or modifying an existing environment to use your new self-service credentials, the next step is to deploy Deepgram services on your local machine.