v0.42.1 · status: all systems go · oulu, fi
hosted developer platform

Registry, secrets
and storage — one login.

Satama is the quiet plumbing between your laptop and production: a private Docker registry, OpenBao for secrets, S3-compatible buckets for artifacts — sharing one OIDC identity, one billing line, one domain you actually own.

Request access Read the docs
// private beta · hosted in the EU · built in oulu
~/work/api — zsh
what's inside

One platform.
Four primitives your team actually uses.

No assembling a dozen vendors, no per-seat pricing for each one. Just the building blocks of a modern delivery pipeline — hosted, secured, and shared from a single domain.

docker registry

Private image registry with JWT-scoped pulls.

OCI-compliant, docker push works out of the box. Per-project namespaces, read-only or contributor scopes, and retention policies that keep the last N tags or any regex you care about. Automatic layer GC every night.

endpointregistry.{org}.satama.io authRS256 · short-lived retentionkeep_count + keep_pattern
openbao secrets

Secrets you can actually rotate.

Versioned KV, transit engine, and dynamic database creds — fronted by the same OIDC provider as the rest of the platform.

engineskv-v2, transit, db auditappend-only log
shared oidc

One identity across registry, storage, and secrets.

We issue RS256 tokens with a policy claim, MinIO and OpenBao trust the JWKS, and your team stops juggling five sets of credentials. Bring your own IdP or use the built-in provider.

discovery/.well-known/openid-configuration providersbuilt-in · google · github · okta
backups & gc

Nightly, boring, restorable.

Snapshots of registry blobs, MinIO buckets, and the Postgres that stitches it together — encrypted, offsite, and verified by a quarterly restore drill so you're not learning about your backup strategy on the worst day of the quarter.

schedule01:00 UTC + on-demand retention7d · 4w · 12m gcweekly layer sweep
registry ui

A real dashboard, not a dressed-up admin panel.

Every image, every tag, every pull. Inspect manifests, diff layers, set retention — all in the browser, all from the same login your CLI uses.

satama.io/projects/api/registry
v0.42.1

Registry · kuura

7 repositories · 312 tags · last push 4m ago
storage used
82.4 GB
↑ 4.1 GB / 7d
pulls · 24h
3,218
↑ 12%
unique pullers
41
↑ 3
gc reclaimed · last
6.8 GB
repositorylatestsizevisibilitypulls
kuura/gateway
v2.1.0 312 MBprivate14,203
kuura/worker
v2.0.9 284 MBprivate8,410
aalto/storefront
v0.9.7 118 MBprivate22,014
harbor/base-runtime
alpine-3.20 38 MBpublic108,334
revontuli/embed-service
v0.2.1 1.2 GBprivate612
pricing

Fully hosted. Priced per workspace.

Pay per workspace, not per seat. Unlimited collaborators on every plan. No setup fees, cancel whenever.

Starter
$15/ workspace / mo
billed annually
  • Up to 5 collaborators
  • 50 GB registry storage · 100 GB S3
  • OpenBao secrets, 1 namespace
  • OIDC with Google & GitHub
  • Nightly encrypted backups, 7-day retention
  • Community & email support
Request access
Team most picked
$39/ workspace / mo
billed annually
  • Unlimited collaborators & repositories
  • 500 GB registry storage · 1 TB S3
  • OpenBao secrets, 5 namespaces
  • OIDC with Google, GitHub, Okta
  • Nightly encrypted backups, 30-day retention
  • Slack & email support · 1 business day
Start 14-day trial
Scale
$169/ workspace / mo
billed annually
  • Everything in Team
  • 5 TB registry · 20 TB S3 · burst available
  • Dedicated region (EU / US)
  • SAML SSO & SCIM provisioning
  • Private networking & audit export
  • Priority support · 4h response · on-call bridge
Contact sales
private beta

Get early access.

We're onboarding ~20 teams a week. Tell us what you're building and we'll open your workspace within a few days.

384 teams on the list · 18 activated this week