Self-hosted agents enable you to deploy Runops agents inside your infrastructure. There are two main reasons why you may want to use them:

  • Keep all your data and secrets in your cloud account.
  • Run Tasks on Connections in private networks.

Because the agent runs inside your infrastructure, credentials for your internal systems and access results containing potentially sensitive data never leave your infrastructure.

After polling a task from the Runops API, the agent queries your Secrets Management solution to get temporary access to the credentials.

You can use HashiCorp Vault, AWS Secrets Manager, and GCP Secrets. Alternatively, you can use Kubernetes Secrets to store credentials when you deploy the agent to Kubernetes.

The agent then performs the access and notifies the API. The agent redacts any PII from the logs and only then forwards the result to the user.

You can use multiple agents to access different networks and environments. You add tags to Agents that tell them which tasks they should fetch from the Runops API.
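
The flow described above (poll by tag, resolve the credential locally, run the task, redact, report), as an added example that is not Runops code. Every name here, the subset rule for matching tags, and the regex-based redaction are assumptions made for illustration; the task queue and secret store are constructed in-memory stand-ins.

```python
import re

# Constructed stand-ins: none of these names are Runops APIs.
API_QUEUE = [  # tasks as the hosted API would hold them: a secret reference, never a credential
    {"id": 1, "tags": {"prod", "aws"}, "secret_ref": "db/prod", "command": "lookup 42"},
    {"id": 2, "tags": {"staging"}, "secret_ref": "db/staging", "command": "lookup 7"},
]
LOCAL_SECRETS = {"db/prod": "s3cr3t-prod", "db/staging": "s3cr3t-stg"}  # stays in your account

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def poll(agent_tags):
    """Return tasks whose tags are all carried by this agent (assumed matching rule)."""
    return [t for t in API_QUEUE if t["tags"] <= agent_tags]

def run_on_connection(command, credential):
    """Stand-in for the private-network access; output holds PII and echoes the credential."""
    return f"{command}: alice@example.com ssn=123-45-6789 (auth={credential})"

def redact(text, credential):
    """Mask PII patterns and the credential itself before anything leaves the network."""
    text = EMAIL.sub("[REDACTED_EMAIL]", text)
    text = SSN.sub("[REDACTED_SSN]", text)
    return text.replace(credential, "[REDACTED_SECRET]")

def agent_cycle(agent_tags):
    """One poll/execute/report cycle; returns exactly what is sent back to the API."""
    outbound = []
    for task in poll(agent_tags):
        credential = LOCAL_SECRETS[task["secret_ref"]]  # resolved inside the boundary
        raw = run_on_connection(task["command"], credential)
        outbound.append({"id": task["id"], "result": redact(raw, credential)})
    return outbound

if __name__ == "__main__":
    for message in agent_cycle({"prod", "aws"}):
        print(message)
```

The return value of `agent_cycle` is the only data that crosses the boundary, which makes it the natural place to assert that no credential or unredacted PII is present.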

One additional benefit of this architecture is that you don't need a VPN to access resources in private networks.


  • Self-host agents to access private networks.
  • Improved security by keeping secrets on-premises.
  • Shut down your VPN.

AWS Reference Architecture

Here is what it would look like to run the Agent in AWS.