privitty/edge

By privitty

Updated about 2 months ago

E2EE secure data transport for IoT gateways, lightweight Rust daemon with access control built in.

Image
Networking
Security
Internet of things
0

225

privitty/edge repository overview

Privitty Edge

End-to-end encrypted data transport with access control for IoT gateways, edge nodes, and MEC deployments.

Privitty Edge runs as a lightweight daemon on your gateway device, securing every message and file in transit — regardless of what network or cloud sits in between. No plaintext ever leaves the device unencrypted. Access is controlled at the transport layer, not bolted on afterward.

What it does

  • E2EE transport for IoT data — messages, files, telemetry — between any two peers
  • Built-in access control: define who can send, receive, or relay data at the daemon level
  • JSON-RPC API on localhost:7200 — automate everything, no UI required
  • SSE push notifications for real-time event streaming back to your application
  • Peer types supported: edge gateway ↔ cloud (AWS, Azure), gateway ↔ gateway, gateway ↔ MEC node, gateway ↔ operator device

Why Rust, why scratch

The daemon is written in Rust and compiled to a fully static musl binary — no dynamic libc, no OpenSSL dependency, no runtime surprises. The image is based on scratch, keeping it minimal and free of OS-level CVEs. What you deploy is exactly what runs.

The image includes both privitty-edged (daemon) and privitty-edge (CLI). Runs as a non-root user (UID 1000) with a built-in health check.

Quick start

docker run -d \
  --name privitty-edged \
  -e PRIVITTY_PROFILE=gateway01 \
  -p 127.0.0.1:7200:7200 \
  -v privitty-data:/var/lib/privitty \
  privitty/edge:latest

PRIVITTY_PROFILE is required on first run (profile name is with which the account is identified) — it becomes the gateway display name and the local part of the auto-provisioned account address.

Check the daemon is healthy:

curl -s http://127.0.0.1:7200/health

Send a JSON-RPC command:

curl -s -X POST http://127.0.0.1:7200/rpc \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"get_config","params":[1,"addr"],"id":1}'

Stream real-time events (SSE):

curl -N http://127.0.0.1:7200/events

Images

TagContents
privitty/edge:latestDaemon + CLI — multi-arch (amd64, arm64, arm/v7)
privitty/edge:latest-viewerSame as above, plus the optional privitty-viewer binary

Supported platforms

PlatformTypical hardware
linux/amd64x86 gateways, cloud VMs, MEC nodes
linux/arm64ARM64 gateways (Raspberry Pi 4, NVIDIA Jetson, Advantech, Dell)
linux/arm/v7ARMv7 embedded gateways (Moxa, older industrial hardware)

Configuration

Runtime configuration is set via environment variables (or CLI flags). Priority: CLI flag → env var → built-in default.

VariableRequiredDefaultDescription
PRIVITTY_PROFILEYesGateway profile name (account display name)
PRIVITTY_LISTENNo0.0.0.0:7200HTTP listen address (use 0.0.0.0 inside Docker)
PRIVITTY_ACCOUNTSNo/var/lib/privittyPersistent data directory
PRIVITTY_SERVERNochat.privittytech.comPrivitty relay server
RUST_LOGNoinfoLog verbosity (error, warn, info, debug, trace)

A reference config file is baked into the image at /etc/privitty/privitty-edged.toml. Mount your own copy for documentation or operator reference:

-v /your/config.toml:/etc/privitty/privitty-edged.toml:ro

Persistent state (keys, database, blobs, license) lives in /var/lib/privitty — mount a named or host volume there.

License: Privitty send operations require an active license. Activate from inside the container:

docker exec privitty-edged \
  privitty-edge --accounts /var/lib/privitty \
  license activate https://license.privitty.com/v1/license/TOKEN

E2EE secure data transport daemon with access control for IoT gateways, edge nodes, and MEC deployments.

Tag summary

Content type

Image

Digest

sha256:c83620f83

Size

15.1 MB

Last updated

about 2 months ago

docker pull privitty/edge:latest-viewer