Where your gateway runs
Custody and execution are inseparable (see why), so the one real deployment decision is: where does your gateway run, and how is its key protected there? It is always the same gateway binary — "local", "remote", and "hosted" are three placements of it, not three different products.
At a glance
| Placement | Where the secret lives | Where the call runs | Reachable by remote agents | Needs your machine online | Plan |
|---|---|---|---|---|---|
| Local | Sealed vault on your device | On your device | ❌ loopback only | it is the machine | Free and up |
| Remote (local + tunnel) | Still on your device | Still on your device | ✅ over a secure tunnel | ✅ machine must be up | Pro and up |
| Hosted | Encrypted at rest in Cloud KMS | In a Permaura-run worker | ✅ always | ❌ | Pro and up |
The trade is a slider, not a right answer: custody is strongest where execution is closest to you, and convenience grows as it moves to the cloud. You place each secret where you're comfortable.
Local
Your gateway runs on your own machine and listens only on 127.0.0.1. The secret sits in a sealed local vault; plaintext exists only inside a single call and is wiped on return. This is free, fully offline-capable after activation, and the strongest custody — at the cost of running on one machine, only when it's on. Agents on the same machine can use it; agents elsewhere (including hosted ones like ChatGPT) cannot, until you add remote access.
Remote (local gateway + secure tunnel)
Turn on remote access and Permaura gives your local gateway a stable public URL (https://g-xxxx.permaura.com) over a secure tunnel. Two things stay true:
- Your gateway still runs only on your machine; no key or data moves to the cloud.
- The tunnel is just a pipe. Agents authenticate to Permaura and connect directly to your gateway; the bytes of each call go straight to your machine.
This is the sweet spot for most people: cloud-grade convenience (any agent, anywhere, including ChatGPT) with local secret custody. It needs your machine to be online to answer calls.
Hosted
Permaura runs the gateway for you, always-on, with KMS envelope encryption and per-organisation keys. Most frictionless, fully multi-device, no machine of yours to keep online. The honesty rule still holds: a worker that makes the call had to decrypt the secret, so this is not zero-knowledge — the stronger-guarantee options are local or your own tunnelled gateway.
Hosted execution is included from Pro upward. When you open the console's gateway setup, the hosted option shows whether it's ready for your account or still being switched on for your region — pick a local or tunnelled gateway in the meantime.
Bring your own vault
Where a secret is stored at rest is a separate axis from where the gateway runs, so they compose. Permaura exposes a secret-backend seam — "resolve this secret, hand its plaintext to this closure, guarantee it's wiped" — so you can keep secrets in tooling you already run:
- Local vault (built-in default) · Cloud KMS envelope (hosted)
- External managers — Infisical, HashiCorp Vault, Doppler, 1Password, AWS/GCP/Azure Secrets Manager (Team and up)
- Dynamic secrets — the upstream issues a short-lived credential per call, least-privilege and auto-expiring
The line stays honest: Permaura fetches your secret for the one approved call and wipes it; it never stores your secret at rest unless you ask it to.
This maps to plans
The custody slider and the pricing line are the same line. Local is free and can't meaningfully be gated — it runs entirely on your machine. The paid line is reach: a public URL for your gateway, multi-device, cloud audit sync, and hosted always-on execution, because that's Permaura's infrastructure to run.
See Plans & billing for exactly what each tier unlocks and current prices.