Licensing & Pricing
Two products, two pricing models. Sirr Cloud is billed per seat. Sirr Self-Hosted is billed per instance. Both include the full feature set.
Cloud pricing (sirrlock.com)
Managed service — zero infrastructure. Billed per seat per month.
| Free | Pro | Team | Enterprise | |
|---|---|---|---|---|
| Price | Free | $8/user/mo | $15/user/mo | Custom |
| Users | 1 | Unlimited | Unlimited | Unlimited |
| Organizations | 1 | 1 | Unlimited | Unlimited |
| Secrets | 100 | Unlimited | Unlimited | Unlimited |
| Audit logs | 7 days | 30 days | 90 days | Custom |
| Support | Community | Priority | Dedicated + SLA | |
| Custom roles | — | Yes | Yes | Yes |
| SSO / SAML | — | — | Yes | Yes |
| Custom terms | — | — | — | Yes |
Self-hosted pricing
Run sirrd on your own infrastructure. Billed per instance per year.
| Community | Standard | Professional | Enterprise | |
|---|---|---|---|---|
| Price | Free | $499/yr/instance | $1,499/yr/instance | Custom |
| Secrets | 100 per instance | Unlimited | Unlimited | Unlimited |
| Organizations | 1 | Unlimited | Unlimited | Unlimited |
| Principals | 1 | Unlimited | Unlimited | Unlimited |
| Support | Community | Priority | Dedicated + SLA | |
| Audit API | Yes | Yes | Yes | Yes |
| Webhooks | Yes | Yes | Yes | Yes |
| Custom roles | — | Yes | Yes | Yes |
| Custom terms | — | — | — | Yes |
Non-production use is always free, regardless of the number of secrets. See below for details.
Cloud vs Self-Hosted
Different products, different trade-offs. Pick what fits your infrastructure.
Self-hosted
Run sirrd on your own infrastructure. Your data never leaves your network.
- Data stays in your VPC / private network
- Works air-gapped and offline
- Full control over upgrades and configuration
- You manage uptime, backups, and TLS
- Priced per instance, not per seat
Cloud (sirrlock.com)
We host it for you. Team management and billing included.
- Zero infrastructure to manage
- Team and organization management UI
- Web-based audit dashboard
- Automatic updates and uptime SLA (Team+)
- Priced per seat, not per instance
Business Source License
Sirr is source-available under the Business Source License 1.1 (BSL 1.1). The full source code is available on GitHub — you can audit every line of encryption, storage, and authentication logic.
Key terms:
- Source-available — Complete source code is public. Fork it, build it, inspect it.
- Free within limits — Up to 100 active secrets per instance require no license key and no payment.
- Commercial license — Production deployments exceeding the Community tier require a paid license.
- Time-limited restriction — The BSL converts automatically to Apache 2.0 on a fixed date (see below).
License keys
License keys follow the format sirr_lic_ followed by 40 hexadecimal characters:
sirr_lic_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
Obtaining a key
Purchase a license at sirrlock.com/pricing. You will receive your key immediately after purchase.
Setting the key
Pass the license key as an environment variable when starting the server:
Set license key
export SIRR_LICENSE_KEY="sirr_lic_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
sirrd serve
Or in Docker:
Docker with license key
docker run -d \
--name sirrd \
-p 39999:39999 \
-v ./sirrd-data:/data \
-e SIRR_MASTER_API_KEY="your-api-key" \
-e SIRR_LICENSE_KEY="sirr_lic_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" \
-e SIRR_DATA_DIR=/data \
ghcr.io/sirrlock/sirrd
The server validates the license key at startup by contacting the licensing API. Once validated, the key is cached and the secret limit is lifted according to your plan.
Self-hosted instances are not required to phone home after initial validation. If the licensing API is unreachable, the server continues operating with the last known validation result. Sirr never blocks secret operations due to a licensing check failure.
Apache 2.0 conversion
On February 20, 2028, the Sirr source code automatically converts from BSL 1.1 to the Apache License 2.0. After this date:
- All usage restrictions are permanently removed
- The code becomes fully open source under Apache 2.0
- No license key is required for any deployment size
- The change is irrevocable
This conversion date is written into the license file in the repository and cannot be changed retroactively.
The BSL 1.1 conversion clause guarantees that Sirr will become fully open source. This protects users from vendor lock-in while allowing the project to sustain itself commercially during the initial period.
Non-production use
All non-production use is always free, regardless of the number of active secrets. This includes:
- Development — local development environments
- Staging — pre-production staging environments
- CI/CD — continuous integration and testing pipelines
- Testing — automated and manual testing
- Evaluation — trying Sirr before committing to a production deployment
No license key is needed for any of these use cases. The 100-secret limit and license requirement apply only to production deployments.