Skip to content
broch
get started →

Licensing

Broch requires a license to operate. Buy one in the app’s first-run setup, or paste an existing key there — the server starts in first-run setup state and guides you through activation, then persists the activated token to its database. The license is entered in the app, not supplied at boot.

Getting a License

Section titled “Getting a License”

Buy a license in the app. Deploy Broch, sign in as an admin, and the first-run wizard — and Configuration → License later — leads with Buy Broch: choose your developer seats, accept the subscription agreement, and check out through Stripe. New deployments start with a 15-day free trial — a valid card is required upfront but isn’t charged; billing begins on day 16 at $10 per seat / month unless you cancel first. Broch claims and activates the license automatically when you return — there’s no key to paste. Already hold a key (renewal or marketplace)? Paste it under Configuration → License instead.

Licensing is per-developer-seat — one seat per user who runs broch share.

How License Validation Works

Section titled “How License Validation Works”

The server activates once it has a license key, entered in first-run setup or under Configuration → License. It calls the Broch central server to exchange your license key and wildcard hostname for a signed token. This token is stored in your database and validated locally on every request — no ongoing network dependency.

The server refreshes its token daily by default (cadence is server-tunable between 1 hour and 30 days) to pick up any changes (seat upgrades, renewals) and report aggregate usage metrics back to Broch. If the server cannot reach the central server, it continues operating on its cached token until the token expires.

What Broch receives on each refresh: your license key and current token, plus a usage report — active seat counts, all-time seat high-water marks, and server version. Integers, not identities; no traffic content. The Security page enumerates every licensing exchange field by field.

License Expiry and Grace Period

Section titled “License Expiry and Grace Period”

When your license term expires, the server enters a grace period (7 days by default). During the grace period:

  • Tunnel operations continue working
  • The server logs warnings on startup
  • Admin UI shows an expiry banner

After the grace period ends, tunnel operations are blocked until the license is renewed. Existing authenticated sessions remain valid; only new tunnel connections are rejected.

Renew before expiry to avoid any disruption. Standard deployments receive the renewed token automatically at the next refresh cycle.

Evaluating Before You Buy

Section titled “Evaluating Before You Buy”

Two ways to try Broch before you commit:

  • Broch-hosted trial — the hosted server at trial.broch.io: 60 days, no credit card, no deployment. A quick taste of tunneling on shared infrastructure.
  • Self-hosted trial — deploy on your own infrastructure and run the real product (your IdP, your audit log, your domain) free for 15 days. A valid card is required upfront but isn’t charged; it becomes a paid per-seat license on day 16 unless you cancel.