Your project CRM. Your server. Zero exposure.
Aurora keeps your projects, revenue, security and keys on a server you own — no open ports, no telemetry, and your own AI.
Everything you need to run projects on your own server
Six core capabilities built for control, not compromise.
Key vault
Encrypted vault for every secret. AAL2 reveal, full audit, and 🤖 may store and rotate — never read plaintext.
Security scanning
ZAP, Nuclei, testssl and more against your own verified sites and repos. Results interpreted by your chosen AI.
BYO-AI
Anthropic, OpenAI, Gemini, Perplexity or Ollama. Bring your own keys and pick a model per task.
Integrations with auto-widgets
Stripe, Cloudflare, Supabase, GitHub and your own REST APIs. Metrics become widgets automatically.
Finance & renewals
MRR, costs and renewal dates sync from your integrations. Never miss an expiring key or domain.
Zero exposure
Cloudflare Tunnel in front of everything. No open ports, no inbound traffic — the app is only reachable via Access.
Three steps to your own instance
Install
Run Aurora with Docker Compose on your server or VPS.
Activate license
Unlock with your license key — the source code comes with the purchase.
Connect AI
Paste your own AI key and pick a default model per task.
services:
aurora:
image: registry.example/aurora:latest
env_file: .env
restart: unless-stopped
ports:
- "127.0.0.1:8080:8080" # endast loopback
depends_on: [supabase, workers]
cloudflared:
image: cloudflare/cloudflared:latest
command: tunnel run
environment:
TUNNEL_TOKEN: ${CF_TUNNEL_TOKEN} # från din .env
restart: unless-stoppedExample values. Real secrets go in your .env and end up encrypted in the vault.
No way in from the outside
All traffic leaves through an encrypted tunnel. Your server exposes no ports to the internet.
No inbound connections. No open ports. No real hostnames leave your server.
Connect what you already use
Verified at install, health-checked continuously. Or connect any REST API without code.
Built not to leak
Zero exposure
Cloudflare Tunnel — no open ports, no inbound traffic.
100% RLS
Row Level Security on every table. All access goes through server functions.
Vault encryption
Every secret encrypted at rest with pgsodium.
Audit before plaintext
Each reveal is logged and requires AAL2 before the value is shown.
Read-only scopes
Integrations use the least privilege possible — ideally read-only.
SSRF protection
Outbound calls are validated and constrained to stop SSRF.
No telemetry. Your data never leaves your server.
AI agents that can't read your keys
Through MCP your AI agents can write and rotate secrets in the vault — but never read them in plaintext. They can create and update, never exfiltrate.
One license. Yours to run forever.
Aurora license
- Self-hosted — runs on your own server
- Source code on purchase
- Updates during the license period
- 7-day trial
Priced in SEK — your bank handles currency conversion.