E2EE secure data transport for IoT gateways, lightweight Rust daemon with access control built in.
225
End-to-end encrypted data transport with access control for IoT gateways, edge nodes, and MEC deployments.
Privitty Edge runs as a lightweight daemon on your gateway device, securing every message and file in transit — regardless of what network or cloud sits in between. No plaintext ever leaves the device unencrypted. Access is controlled at the transport layer, not bolted on afterward.
localhost:7200 — automate everything, no UI requiredThe daemon is written in Rust and compiled to a fully static musl binary — no dynamic libc, no OpenSSL dependency, no runtime surprises. The image is based on scratch, keeping it minimal and free of OS-level CVEs. What you deploy is exactly what runs.
The image includes both privitty-edged (daemon) and privitty-edge (CLI). Runs as a non-root user (UID 1000) with a built-in health check.
docker run -d \
--name privitty-edged \
-e PRIVITTY_PROFILE=gateway01 \
-p 127.0.0.1:7200:7200 \
-v privitty-data:/var/lib/privitty \
privitty/edge:latest
PRIVITTY_PROFILE is required on first run (profile name is with which the account is identified) — it becomes the gateway display name and the local part of the auto-provisioned account address.
Check the daemon is healthy:
curl -s http://127.0.0.1:7200/health
Send a JSON-RPC command:
curl -s -X POST http://127.0.0.1:7200/rpc \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"get_config","params":[1,"addr"],"id":1}'
Stream real-time events (SSE):
curl -N http://127.0.0.1:7200/events
| Tag | Contents |
|---|---|
privitty/edge:latest | Daemon + CLI — multi-arch (amd64, arm64, arm/v7) |
privitty/edge:latest-viewer | Same as above, plus the optional privitty-viewer binary |
| Platform | Typical hardware |
|---|---|
linux/amd64 | x86 gateways, cloud VMs, MEC nodes |
linux/arm64 | ARM64 gateways (Raspberry Pi 4, NVIDIA Jetson, Advantech, Dell) |
linux/arm/v7 | ARMv7 embedded gateways (Moxa, older industrial hardware) |
Runtime configuration is set via environment variables (or CLI flags). Priority: CLI flag → env var → built-in default.
| Variable | Required | Default | Description |
|---|---|---|---|
PRIVITTY_PROFILE | Yes | — | Gateway profile name (account display name) |
PRIVITTY_LISTEN | No | 0.0.0.0:7200 | HTTP listen address (use 0.0.0.0 inside Docker) |
PRIVITTY_ACCOUNTS | No | /var/lib/privitty | Persistent data directory |
PRIVITTY_SERVER | No | chat.privittytech.com | Privitty relay server |
RUST_LOG | No | info | Log verbosity (error, warn, info, debug, trace) |
A reference config file is baked into the image at /etc/privitty/privitty-edged.toml. Mount your own copy for documentation or operator reference:
-v /your/config.toml:/etc/privitty/privitty-edged.toml:ro
Persistent state (keys, database, blobs, license) lives in /var/lib/privitty — mount a named or host volume there.
License: Privitty send operations require an active license. Activate from inside the container:
docker exec privitty-edged \
privitty-edge --accounts /var/lib/privitty \
license activate https://license.privitty.com/v1/license/TOKEN
E2EE secure data transport daemon with access control for IoT gateways, edge nodes, and MEC deployments.
Content type
Image
Digest
sha256:c83620f83…
Size
15.1 MB
Last updated
about 2 months ago
docker pull privitty/edge:latest-viewer