System Requirements
Hardware, Software, and Network Prerequisites
Document Version: 1.0.0
Last Updated: 2026-02-10
1. Hardware Requirements
Minimum (Development / Testing)
| Component | CPU | RAM | Storage |
|---|---|---|---|
| API Server | 2 cores | 4 GB | 20 GB SSD |
| PostgreSQL | 2 cores | 4 GB | 50 GB SSD |
| Redis | 1 core | 1 GB | 5 GB SSD |
| Web Interface | 1 core | 512 MB | 1 GB |
| OCSP Responder | 1 core | 512 MB | 1 GB |
Recommended (Production)
| Component | CPU | RAM | Storage | Notes |
|---|---|---|---|---|
| API Server | 4+ cores | 8+ GB | 50 GB SSD | Vertical scaling recommended |
| PostgreSQL | 4+ cores | 16+ GB | 200+ GB SSD | IOPS > 3000 recommended |
| Redis | 2 cores | 4+ GB | 10 GB SSD | Low-latency storage |
| Web Interface | 2 cores | 2 GB | 5 GB | Stateless, horizontally scalable |
| OCSP Responder | 2 cores | 2 GB | 5 GB | Stateless, horizontally scalable |
Storage Sizing Guide
| Data Volume | PostgreSQL Storage | Notes |
|---|---|---|
| Up to 10,000 secrets | 50 GB | Includes audit logs (1 year) |
| 10,000–100,000 secrets | 200 GB | With versioning and rotation |
| 100,000+ secrets | 500+ GB | Contact support for sizing |
| Certificate Authority (per CA) | +10 GB | CRL, OCSP cache, revocation data |
2. Software Requirements
Azure AKS Deployment
| Software | Version | Purpose |
|---|---|---|
| Kubernetes (AKS) | 1.28+ | Container orchestration |
| Helm | 3.12+ | Package management |
| Azure CLI | 2.50+ | Azure resource management |
| kubectl | 1.28+ | Kubernetes management |
| Terraform | 1.5+ | Infrastructure as Code (optional) |
On-Premise Deployment
| Software | Version | Purpose |
|---|---|---|
| Rocky Linux / RHEL | 9.x+ | Operating system |
| Docker Engine | 24+ | Container runtime |
| Docker Compose | 2.20+ | Multi-container orchestration |
| Nginx | 1.24+ | Reverse proxy / TLS termination |
| PostgreSQL | 15+ | Database (containerized or standalone) |
| Redis | 7.x+ | Cache (containerized or standalone) |
3. Network Requirements
Required Ports
| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 443 | TCP | Inbound | HTTPS — Web Interface + API |
| 80 | TCP | Inbound | HTTP → HTTPS redirect |
| 8080 | TCP | Internal | API Server (behind proxy) |
| 8081 | TCP | Internal | OCSP Responder (behind proxy) |
| 5432 | TCP | Internal | PostgreSQL |
| 6379 | TCP | Internal | Redis |
Outbound Connections (Optional)
| Destination | Port | Purpose | Required |
|---|---|---|---|
| MazeVault License Server | 443 | License validation, heartbeat | ✅ (unless offline token) |
| Azure Entra ID | 443 | SSO authentication | If SSO enabled |
| Azure Key Vault | 443 | Key Vault integration | If integration enabled |
| External CA (DigiCert, Venafi, etc.) | 443 | Certificate issuance | If external CA configured |
| NTP Server | 123/UDP | Time synchronization | ✅ Recommended |
Firewall Rules
Internal Ports
Ports 8080 (API), 8081 (OCSP), 5432 (PostgreSQL), and 6379 (Redis) must not be exposed to the internet. These are internal-only ports behind the reverse proxy or Kubernetes ingress.
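One way to check the rule above on an on-premise host is to parse `ss -H -tln` output and flag any of the four internal ports that listen on all interfaces or on a public address. This is an added example, not part of the MazeVault tooling; the sample output is constructed and the function names are illustrative assumptions.

```python
import ipaddress

# Internal-only ports, taken from the Required Ports table on this page.
INTERNAL_PORTS = {8080: "API Server", 8081: "OCSP Responder",
                  5432: "PostgreSQL", 6379: "Redis"}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 *:8081         *:*
LISTEN 0 244  0.0.0.0:5432   0.0.0.0:*
LISTEN 0 244  10.0.0.5:5432  0.0.0.0:*
LISTEN 0 511  [::1]:6379     [::]:*
"""

def bind_scope(addr):
    """Classify a listen address as wildcard, loopback, private or public."""
    if addr in ("*", ""):
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    ip = getattr(ip, "ipv4_mapped", None) or ip   # unwrap ::ffff:a.b.c.d
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "private" if (ip.is_private or ip.is_link_local) else "public"

def audit_listeners(ss_output):
    """Return (port, service, address, scope) for risky internal-port binds."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        addr = addr.strip("[]").split("%", 1)[0]   # drop brackets and %iface
        if not port.isdigit() or int(port) not in INTERNAL_PORTS:
            continue
        scope = bind_scope(addr)
        if scope in ("wildcard", "public"):
            findings.append((int(port), INTERNAL_PORTS[int(port)], addr, scope))
    return findings

if __name__ == "__main__":
    for port, service, addr, scope in audit_listeners(SAMPLE_SS):
        print(f"{service} port {port} listens on {addr} ({scope} bind)")
```

A wildcard bind means only the firewall separates the port from every network the host is attached to, so each finding should be matched against an explicit deny rule or rebound to loopback or an internal interface. Ports published by a container runtime may be forwarded by NAT rules rather than appear as a listener, so review published port mappings as well.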
4. TLS Certificate Requirements
| Certificate | Purpose | Minimum Key Size | Notes |
|---|---|---|---|
| Server TLS | HTTPS for Web Interface + API | RSA 2048 / ECDSA P-256 | Can use Let's Encrypt or internal CA |
| OCSP TLS | HTTPS for OCSP Responder | RSA 2048 / ECDSA P-256 | Optional (HTTP allowed for OCSP) |
| Database SSL | PostgreSQL connection encryption | RSA 2048 | Required in production |
5. Supported Browsers
| Browser | Minimum Version |
|---|---|
| Google Chrome | 100+ |
| Mozilla Firefox | 100+ |
| Microsoft Edge | 100+ |
| Safari | 16+ |
6. Resource Planning Calculator
| Parameter | Formula |
|---|---|
| API Server Memory | Base 2 GB + 1 MB per 1,000 secrets |
| PostgreSQL Storage | Base 20 GB + 500 KB per secret (with 10 versions) + 1 KB per audit event |
| Redis Memory | Base 512 MB + 100 bytes per cached secret |
| Network Bandwidth | Proportional to API request rate; ~1 KB per request average |