
Privitty Edge

End-to-end encrypted data transport with access control for IoT gateways, edge nodes, and MEC deployments.

Privitty Edge is a lightweight daemon that runs on your gateway device. It encrypts messages and files before they leave the device and enforces access control at the transport layer — so your SCADA, MES, or custom application never sends plaintext over the network.

This documentation is written for IoT developers and integrators who deploy and automate Privitty Edge on edge hardware or in containers.


What you get

| Capability | Description |
|---|---|
| E2EE transport | Messages, files, and telemetry encrypted between any two peers |
| Access control | Define who can send, receive, or access shared files |
| HTTP JSON-RPC API | Automate everything on localhost:7200 — no UI required |
| SSE event stream | Real-time push notifications to your application |
| Multi-arch Docker | amd64, arm64, and arm/v7 images for industrial hardware |

High-level architecture

flowchart LR
    subgraph Gateway["Edge gateway"]
        APP["Your application\n(SCADA / MES / script)"]
        EDGE["privitty-edged\n:7200"]
        APP -->|"HTTP POST /rpc\ncurl · Python · .NET"| EDGE
        APP -->|"GET /events (SSE)"| EDGE
    end

    RELAY["Privitty relay\n(IMAP / SMTP)"]
    PEER["Remote peer\n(cloud · MEC · operator)"]

    EDGE <-->|"E2EE signalling\n& small payloads"| RELAY
    RELAY <-->|"E2EE signalling\n& small payloads"| PEER
    EDGE <-.->|"Large files\n(QUIC / P2P when available)"| PEER

How integration works:

  1. Your application talks to privitty-edged over HTTP on port 7200.
  2. The daemon manages one gateway identity (auto-provisioned on first run).
  3. Outbound traffic is encrypted before it reaches the relay or peer.
  4. Large files use QUIC peer-to-peer transfer when both sides support it; smaller payloads travel over the relay.

Single account model

Each edge device runs one account (account_id = 1). This keeps the API simple for embedded and container deployments.


Deployment options

| Method | Best for |
|---|---|
| Docker | Production gateways, cloud VMs, quick evaluation |
| Docker Compose | Persistent volumes, env-based config |
| Bare-metal binary | Coming soon — see Upcoming Features |

Quick start

docker run -d \
  --name privitty-edged \
  -e PRIVITTY_PROFILE=factory-gw-01 \
  -p 127.0.0.1:7200:7200 \
  -v privitty-data:/var/lib/privitty \
  privitty/edge:latest
curl -s http://127.0.0.1:7200/health

Follow the Getting Started guide for provisioning, licensing, and your first encrypted message.
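
The quick start publishes port 7200 on 127.0.0.1 only, so the API is reachable from the gateway itself and not from the network. The check below is an added example, not part of the Privitty documentation or product: it parses `docker port` output and fails if the API port is bound to a non-loopback address. The function names are illustrative; the container name and port are taken from the quick start.

```shell
#!/bin/sh
# Added example: confirm the privitty-edged API port stays on loopback.
# Function names are hypothetical; container name/port follow the quick start.

# Reads `docker port <container>` output on stdin, for example:
#   7200/tcp -> 127.0.0.1:7200
# Prints "EXPOSED <binding>" for each non-loopback host binding.
# Returns 0 = loopback only, 1 = exposed binding found, 2 = port not published.
check_bindings() {
    port="${1:-7200}"
    awk -v want="${port}/tcp" '
        $1 == want && $2 == "->" {
            seen = 1
            host = $3
            sub(/:[0-9]+$/, "", host)      # drop the trailing :hostport
            gsub(/^\[|\]$/, "", host)      # drop IPv6 brackets, [::1] -> ::1
            if (host != "::1" && host !~ /^127\./) {
                print "EXPOSED " $3
                bad = 1
            }
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Runs the check against a live container (needs the docker CLI).
check_container() {
    name="${1:-privitty-edged}"
    docker port "$name" | check_bindings "${2:-7200}"
}

# Constructed sample: what `docker port` prints when the container was
# started with `-p 7200:7200` instead of `-p 127.0.0.1:7200:7200`.
demo_exposed() {
    printf '%s\n' '7200/tcp -> 0.0.0.0:7200' '7200/tcp -> [::]:7200' \
        | check_bindings 7200
}

# Usage: sh check-bind.sh --live [container-name]
if [ "${1:-}" = "--live" ]; then
    check_container "${2:-privitty-edged}"
fi
```

Run it with `--live` after deployment or from a periodic job; a non-zero exit means the published binding differs from the quick start.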


Documentation map

| Section | Description |
|---|---|
| Getting Started | First boot, provisioning, health checks |
| Docker Deployment | Container run options, volumes, security |
| API Overview | Endpoints, JSON-RPC format, account_id |
| Curl Cookbook | Copy-paste commands for every operation |
| Examples | End-to-end walkthroughs A–E |
| Configuration | Environment variables and runtime flags |
| License Management | Activate and maintain a deployment license |

Support