keygate

module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 11, 2026 License: AGPL-3.0

README ยถ

Keygate

Keygate

Open source software license management platform.

The self-hosted alternative to Keygen, Cryptlex, and LicenseSpring.

Website ยท Documentation ยท Community

License Release Stars Sponsor

English ยท ็ฎ€ไฝ“ไธญๆ–‡


Keygate Dashboard

Why Keygate?

You've built great software. Now you need to decide who can use it, how they pay for it, and what features they get access to.

Commercial license platforms charge per-seat, per-month, and your customer data lives on someone else's servers. Building your own takes months of engineering on activation logic, payment webhooks, quota tracking, and all the edge cases that come at 2 AM.

Keygate is the middle ground. A production-ready license server you deploy on your own infrastructure, connect to your own Stripe, and manage through a clean dashboard. It handles everything from activation to dunning โ€” so you can focus on building your product.

One binary. One database. Full control. Free, forever.


Who is it for?

๐Ÿง‘โ€๐Ÿ’ป Indie Developers โ€” Selling a desktop app, CLI tool, or Electron app? Keygate handles license keys, activation limits, and trials so you can focus on shipping. ๐Ÿข SaaS Companies โ€” Managing subscription tiers with different feature sets? Define plans with entitlements, track usage, and let Stripe handle billing automatically.
๐Ÿญ Enterprise Vendors โ€” Need floating licenses for large teams? Concurrent seat checkout with heartbeat monitoring, perfect for shared-seat environments. โšก API Providers โ€” Enforcing rate limits and usage quotas? Atomic quota enforcement tracks every call and warns customers before they hit limits.

Features

๐Ÿ”‘ License Management

Every model in one platform โ€” subscriptions, perpetual, trials, and floating (concurrent) licenses. Create, activate, verify, suspend, reinstate, and revoke with full audit trail. Per-device or per-user activation limits with atomic enforcement (no double-counting under retry). Grace periods. License keys hashed with SHA-256, encrypted at rest. Signed tokens for offline verification. Idempotency-Key header support on writes โ€” retries never duplicate.

Public SDK endpoints (activate / verify / deactivate / usage / download) take license_key directly โ€” no embedded API keys to leak from your binaries. Customers can self-serve activation slots from the portal (free up a lost laptop without a support ticket).

๐Ÿš€ Software Distribution

Ship signed updates to your installed clients. Sparkle (macOS), Velopack (Windows), and Tauri (cross-platform) updaters all consume the same release feed โ€” one publish, every updater compatible. Per-platform binaries grouped under a single release, atomic publish gate (no half-uploaded releases ever leak), yank for instant rollback. Per-product Ed25519 signing keys with private keys encrypted at rest under AES-256-GCM + HKDF-derived subkeys. Server-side SHA-256 for integrity (never trust the client's hash). Stable feeds are public โ€” your customers' auto-updater never breaks when a license rotates. Per-product minimum_supported_version floor for forced upgrades.

Object storage is S3-compatible โ€” Cloudflare R2, AWS S3, MinIO, anything that speaks SigV4. Presigned URLs for direct browser upload (no proxying through Keygate), and license-gated short-TTL download URLs.

๐Ÿ“Š Usage Metering

Track API calls, storage, bandwidth, or any custom metric. Quotas enforced atomically at the database level โ€” even under high concurrency, limits are never exceeded. Hourly, daily, monthly, or yearly cycles with automatic reset. Threshold warnings via webhooks.

๐Ÿ’ณ Payments

Stripe integrated end-to-end with three-layer reliability โ€” webhook, success-page verification, and periodic sync ensure no payment is ever missed. Customer pays โ†’ license created automatically. Payment fails โ†’ dunning emails on schedule. Supports checkout, plan upgrades/downgrades with proration, cancellations, refunds, and billing portal. Stripe webhook is auto-configured โ€” just set your API key.

๐Ÿ‘ฅ Team Seats & Entitlements

Customers manage their own teams within a license. Seat roles (owner/admin/member), configurable limits per plan. Feature entitlements as boolean flags, numeric limits, or usage quotas. Purchasable add-ons that extend plan capabilities.

๐Ÿ”ง Server-to-Server API

Programmatic admin access via Authorization: Bearer kg_live_โ€ฆ โ€” mint licenses from your Stripe webhook, run nightly usage exports from cron, automate everything /admin/* can do. Scope-based authorization with fail-closed defaults (an API key with no scopes can do nothing). System-wide admin keys or per-product keys โ€” same model as Stripe sk_live_ and GitHub PATs.

๐Ÿ“ˆ Admin Dashboard

Products, plans, licenses, customers, API keys, webhooks, analytics, audit logs, team management, email templates, and brand customization โ€” all from one interface. Search, filter, and export (CSV/JSON).

๐Ÿ›ก๏ธ Security

Email OTP login with constant-time hash verification, role-based access checked per-request from database, brute-force protection, rate limiting, HMAC-signed webhooks, SameSite cookies, HSTS, and startup validation that rejects weak secrets. License verify endpoints collapse all "license-knowable" failures to a single 404 so license_key enumeration is closed off. Idempotency-Key middleware prevents double-execution on retried writes.

๐ŸŒ Self-Hosted

Single Go binary + PostgreSQL + (optional) S3-compatible storage for release artifacts. No Redis, no microservices. Auto-migration on startup. Setup wizard for first run. Custom branding, email templates, and i18n (English/Chinese built-in).


Quick Start

# 1. Download
curl -O https://raw.githubusercontent.com/tabloy/keygate/main/docker-compose.yml
curl -O https://raw.githubusercontent.com/tabloy/keygate/main/.env.example
cp .env.example .env

# 2. Set your secrets
# Edit .env: set JWT_SECRET and LICENSE_SIGNING_KEY (openssl rand -hex 32)

# 3. Run
docker compose up -d
From source
git clone https://github.com/tabloy/keygate.git
cd keygate && cp .env.example .env
make build && ./bin/keygate

Open http://localhost:9000 โ€” the setup wizard guides you from there.

๐Ÿ“– Full docs, deployment guides, and SDK examples at keygate.app/docs


Compared to Alternatives

Keygate Keygen Cryptlex LicenseSpring
Open source โœ… AGPL v3 Partial โŒ โŒ
Self-hosted โœ… โœ… โŒ โŒ
Price Free From $99/mo From $249/mo From $50/mo
Floating licenses โœ… โœ… โœ… โœ…
Usage metering โœ… โŒ โŒ โŒ
Built-in payments โœ… โŒ โŒ โŒ
Auto-update distribution โœ… Sparkle / Velopack / Tauri โœ… Paid add-on โŒ โŒ
Customer portal โœ… โŒ โœ… โœ…
Admin dashboard โœ… โœ… โœ… โœ…
Webhook system โœ… โœ… โœ… โœ…
Audit trail โœ… โœ… โŒ โŒ
Idempotency-Key โœ… โŒ โŒ โŒ
i18n โœ… โŒ โŒ โŒ

Community

  • Discussions โ€” Questions, ideas, show & tell
  • Issues โ€” Bug reports and feature requests
  • Blog โ€” Updates and engineering stories
  • Sponsor โ€” Support the project

Contributing

All contributions welcome โ€” bugs, features, docs, translations. Check open issues or start a discussion, then submit a PR.

License

AGPL v3 License with additional terms per Section 7(b) โ€” Copyright ยฉ 2026 Tabloy

You are free to fork, modify, and self-host this software under the AGPL v3. The "Powered by Keygate" attribution in the UI must be preserved (see NOTICE). A commercial license to remove the attribution is available โ€” contact hello@keygate.app.

Star History

Star History Chart
If Keygate helps your business, consider giving it a โญ

Directories ยถ

Path Synopsis
cmd
server command
internal
branding
Package branding provides project identity constants used across the application for API responses, HTML meta tags, HTTP headers, and email footers.
Package branding provides project identity constants used across the application for API responses, HTML meta tags, HTTP headers, and email footers.
crypto
Package crypto provides authenticated encryption helpers for storing secrets at rest.
Package crypto provides authenticated encryption helpers for storing secrets at rest.
middleware
Rate limiting middleware with pluggable backends.
Rate limiting middleware with pluggable backends.
storage
Package storage abstracts blob storage for release artifacts.
Package storage abstracts blob storage for release artifacts.
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL