Skip to content
Broch Documentation

Licensing

Broch requires a license key. The server will not start without one.

Getting a License

Section titled “Getting a License”

Purchase a license at broch.io. After checkout, you receive a welcome email with your license key. Set it as an environment variable on your server:

BROCH_LICENSE=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX

Licensing is per-seat, per-feature (Share and Access are licensed independently). You can purchase different seat counts for each.

How License Validation Works

Section titled “How License Validation Works”

The server activates automatically on first boot. It calls the Broch central server to exchange your license key and wildcard hostname for a signed token. This token is stored in your database and validated locally on every request — no ongoing network dependency.

The server refreshes its token periodically (every 15–30 days depending on your license term) to pick up any changes (seat upgrades, renewals) and report aggregate usage metrics back to Broch. If the server cannot reach the central server, it continues operating on its cached token until the token expires.

What Broch receives: Aggregate seat counts and server version — no user data, no traffic content. See the Security and Compliance page for full details.

Air-Gapped Deployments

Section titled “Air-Gapped Deployments”

If your deployment has no outbound internet access, Broch supports fully air-gapped operation with no connections to Broch infrastructure of any kind.

You must specify your wildcard domain name at the time of purchase. Broch generates a license token pre-bound to your domain and emails it to you along with your license key. Deploy the token to your server — it validates locally with no activation call required.

Air-gapped licenses are paired with annual billing. Token renewal happens once per year: Broch emails you a new token before your current one expires.

If you need an air-gapped license, contact [email protected] before purchasing to arrange the correct license type.

License Expiry and Grace Period

Section titled “License Expiry and Grace Period”

When your license term expires, the server enters a grace period (7 days by default). During the grace period:

  • Tunnel operations continue working
  • The server logs warnings on startup
  • Admin UI shows an expiry banner

After the grace period ends, tunnel operations are blocked until the license is renewed. Existing authenticated sessions remain valid; only new tunnel connections are rejected.

Renew before expiry to avoid any disruption. Standard deployments receive the renewed token automatically at the next refresh cycle.

Trial Licenses

Section titled “Trial Licenses”

A trial license is available for evaluation. Contact [email protected] to request one.