SettleMint
Self-Hosting

Self-hosting overview

Deploy the Digital Asset Lifecycle Platform in your own Kubernetes or OpenShift infrastructure. Covers operating responsibilities, required platform services, installation planning, and high availability choices for enterprise deployments.

Overview

Self-hosted DALP is the path for organizations that need the Digital Asset Lifecycle Platform inside their own Kubernetes or OpenShift estate.

Start here when your platform team owns the cluster and provides the surrounding infrastructure. The child pages cover prerequisites, the installation process, cluster-specific configuration, and high availability choices.

DALP ships as Helm charts and container images for Kubernetes or OpenShift. SettleMint supports installation and application-level configuration. Your platform team owns the cluster, data services, ingress, DNS, TLS, registry access, secrets, monitoring, backups, and runbooks.

Controlled-environment deployment model

DALP can run in a bank-controlled Kubernetes or OpenShift cluster when the bank provides registry access, data services, DNS, TLS, storage, network paths, and approved secret-store inputs. The DALP application chart packages the Console, Platform API, Workflow Engine, Ledger Index, Broadcast, and block explorer as containerized workloads. Optional support and monitoring charts can run in the same cluster when the bank does not use approved managed equivalents.

The DALP runtime does not require a shared public SaaS control plane. Core components are not cloud-only. Cloud or externally managed services appear only when the release enables them or when the bank selects an approved managed service over an in-cluster equivalent. Treat each approved external endpoint as a production dependency with its own network policy, credential controls, data residency, logging, and incident-response process.

DependencyWhen it is usedSecurity implication
EVM RPC upstreams or custody and signing providersWhen the environment connects to an external network or external signer instead of an in-cluster network and local signing modelRestrict egress, isolate credentials, and review provider logs, key-control model, residency, and incident process before production
PostgreSQL, Redis, object storage, backup, or observability servicesWhen the bank uses managed data or monitoring services instead of bundled or in-cluster servicesTreat the service as a data processor. Review encryption, network path, retention, backup access, telemetry export, and administrator access
SMTP, identity providers, DNS, TLS issuance, and container registriesWhen the deployment integrates with the bank's mail, identity, certificate, DNS, or image-distribution controlsApprove domains and certificates, pin registry access, rotate credentials, and audit authentication and image-pull activity

For OpenShift, DALP charts include route and security-context values specific to that platform. Workloads run non-root with privilege escalation disabled, Linux capabilities dropped, and RuntimeDefault seccomp where configured. OpenShift assigns UIDs dynamically where the restricted Security Context Constraints (SCC) profile requires it. SettleMint-built runtime containers use hardened minimal base images: compiled services run from distroless nonroot images; web runtimes and migration tooling use pinned Alpine Bun images with a non-root user. Third-party support images must clear the bank's registry admission, scanning, and patch controls before the release goes live.

Runtime credentials are injected at startup rather than baked into images or static configuration. DALP supports HashiCorp Vault as a secret-manager provider, using the Vault address, token, mount path, and secret prefix configured for the environment. The Helm chart can also map environment variables to enterprise secret-store paths through the Conjur and summon integration before the application process starts. The bank owns Vault policy, token lifecycle, namespace access, audit logging, and rotation. DALP consumes only the runtime values approved for the deployment.

One-view topology

DALP workloads run inside the bank-controlled Kubernetes or OpenShift estate. Supporting services, the observability stack, ingress controls, and approved external endpoints surround those workloads. Review each as a production dependency before go-live.

Rendering diagram...

Traffic enters through the bank's ingress controls and reaches DALP workloads in the cluster. From there, the workloads use approved platform, data, observability, and external endpoints. External endpoints are optional dependencies, not a shared DALP control plane.

Deployment option fit

The self-hosting path fits when the organisation controls the target environment and SettleMint installs DALP into it. If the buyer does not want to operate Kubernetes, data services, backups, and observability, the managed or dedicated SettleMint service is the cleaner starting point.

OptionWhere DALP runsPrimary operatorUse when
Managed or dedicated SettleMint serviceSettleMint-operated infrastructureSettleMintYour team wants DALP available without operating the Kubernetes, data, backup, and observability layer
Client cloudYour approved public cloud Kubernetes estateYour platform team, with SettleMint installation supportYou need cloud residency, network, identity, and audit controls inside your cloud account
Private cloud or on-premisesYour Kubernetes or OpenShift estate in a data centerYour platform team, with SettleMint installation supportYou need local infrastructure control, private connectivity, or an internal platform standard

For client-cloud, private-cloud, and on-premises deployments, DALP remains a Helm-based application deployment. Your platform team owns the runtime estate. SettleMint owns the application package, installation support, post-deployment application configuration, and contracted application-level support.

Planning decisions

SettleMint delivers a tested, versioned Helm chart package. Your team provides the infrastructure and prerequisites. SettleMint engineers perform the initial installation and post-deployment configuration, including smart contract deployment and indexer validation.

Self-hosting has three decisions that shape the rest of the deployment:

DecisionDefault pathWhen to choose another path
Runtime platformKubernetes or OpenShift across multiple availability zonesUse OpenShift when your platform team standardizes on Routes, restricted security context constraints, and OpenShift operations.
Data servicesManaged PostgreSQL, Redis, object storage, backup, and observability services in hypercloud environmentsUse in-cluster PostgreSQL, Redis, RustFS, or observability only when managed services are unavailable or not approved. Object storage uses cloud-provider or S3-compatible storage.
Availability patternCloud-native multi-zone deploymentUse hot-warm, hot-cold, or hot-hot when recovery targets, geography, or consortium operations require a different operating model.

The platform team should make these decisions before installation planning. These choices determine the prerequisites, enabled chart groups, handoff checks, and recovery pattern that operators must test before production.

Documentation sections

SectionPurpose
PrerequisitesConfirm cluster, network, data service, secret, storage, registry, DNS, and TLS inputs
Installation processUnderstand installation phases, enabled chart groups, validation checks, and handoff
OpenShift installationCheck OpenShift route, security context, dynamic UID, and restricted workload behavior
High availabilityChoose and test the HA or disaster recovery pattern, including RTO, RPO, and runbooks
Hot-warm topologyReview standby-region operations when the active environment fails over to a warm region

Responsibility matrix

AreaSettleMintClient
Helm chartsDevelopment, testing, versioningDeployment, configuration
Container imagesBuilding, security scanningRegistry access, pulling
InstallationInitial deployment, verificationInfrastructure provisioning
Smart contractsDeployment, verificationNetwork access
Chain indexerDeployment, validation, readiness checksRuntime hosting and operations
BroadcastConfiguration guidance and chart defaultsRPC upstreams, exposure policy
Kubernetes/OpenShiftArchitecture guidanceProvisioning, maintenance
Managed servicesConfiguration recommendationsProvisioning, credentials
MonitoringDashboard templates, alert rulesGrafana hosting, alert routing
UpgradesChart updates, migration guidesExecution, testing
Incident responseApplication-level response (dependent on SLAs)Infrastructure-level response

SettleMint incident response is dependent on the contracted SLA tier.

Getting started

  1. Review the self-hosting prerequisites to confirm cluster, network, data service, storage, registry, DNS, TLS, and secret-management inputs.
  2. Choose the high availability pattern that matches your recovery targets and operating geography.
  3. Decide whether PostgreSQL, Redis, object storage, backup, and observability run as approved managed services or in-cluster equivalents.
  4. Prepare DNS entries, TLS certificates, image-pull access, and approved secret-store paths before scheduling installation with SettleMint.

See also

On this page