Karko

Getting started

Karko is a self-hosted GRC platform. Choose your deployment target below.

Prerequisites

  • Docker 24+ and Docker Compose v2 (for the Docker path)
  • OpenShift 4.12+ with sufficient project permissions (for the OpenShift path)
  • PostgreSQL 16 (bundled in the Docker Compose example, or provide your own DSN)
  • A Karko license key (free Starter tier available on the pricing page)

No license yet? View pricing. Starter tier is free forever for up to 3 systems.

The quickest path to running Karko. Both Karko and PostgreSQL run as containers on a single host.

1. Create a docker-compose.yml

version: "3.9"

services:
  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: karko
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: karko
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U karko -d karko"]
      interval: 5s
      retries: 10

  karko:
    image: to-be-determined
    ports:
      - "8080:8080"
    environment:
      KARKO_DB_DSN: postgres://karko:${DB_PASSWORD}@postgres:5432/karko?sslmode=disable
      KARKO_AUTH_SECRET: ${AUTH_SECRET}
      KARKO_LICENSE_PUBLIC_KEY: ${LICENSE_PUBLIC_KEY}
      KARKO_CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost:5173}
    depends_on:
      postgres:
        condition: service_healthy
    restart: unless-stopped

volumes:
  postgres_data:

2. Set required environment variables

VariableDefaultDescription
DB_PASSWORDrequiredPassword for the PostgreSQL karko user.
AUTH_SECRETrequiredRandom string (≥ 32 chars) used to sign session tokens.
LICENSE_PUBLIC_KEYrequiredRSA public key PEM for license JWT verification. Download from your license page.
CORS_ORIGINShttp://localhost:5173Comma-separated list of allowed origins for the Karko GUI.

3. Start Karko

docker compose up -d
docker compose logs -f karko
Karko runs database migrations automatically on first start. Once healthy, the API is available at http://localhost:8080.

Next steps

  1. 1Retrieve your license key at /activate and add it in Settings → License after first login.
  2. 2Point the Karko GUI at your deployment and log in with the default admin credentials printed on first boot.
  3. 3Explore the GitHub repository ↗ for agent releases, framework updates, and changelogs.
Retrieve licenseView pricing