Security benefits of self-hosting your Feature Flags on-prem

Geshan Manandhar
April 30, 2021

Data-sensitive organizations are self-hosting their feature flag service to take advantage of speed and security benefits

Modern software engineering teams are leveraging feature flags to safely deploy new features without disrupting customer experience for their company’s useful applications. However, many of today’s feature flagging tools are only offered as SaaS. While SaaS carries lots of benefits around speed to set up and ease of management, some organizations place a higher priority on data security and control. For those organizations, an on-prem deployment is the preferred way to host their software. In this post we are going to unwrap the layers of why those organizations prefer on-premises deployment, and share a little about Flagsmith’s on-prem or private cloud hosting options to meet those needs.

Focus on security

Data security is paramount for all companies, but organizations operating in certain highly regulated industries like banking, healthcare, or government may have strict rules regarding how they deploy software and store data. For companies in this situation, an on-premises deployment is often the option that best suits those needs. That’s because self-hosted software gives the company more overall control.

When self-hosting Flagsmith, your team can run the software behind your own firewalls and VPN. This self-reliance can give peace of mind to teams upholding the most demanding security requirements.

With a self-hosted instance of Flagsmith, it’s also easy to be compliant with any governmental or domain-specific requirements like HIPAA and any Personally Identifiable Information (PII) specification. Again, self-hosting gives you complete control around other services that interact with your feature flagging software, and what data is stored in the system.

Your software team can also guarantee any geographic location obligation with an on-prem deployment. As the software is self-hosted, it can be hosted in Germany, Singapore, or in the US as per the need. If there are security stipulations that your company’s software and the feature flagging software be co-located, those can be fulfilled easily.

The enterprise version of Flagsmith has additional features that every large organization values such as Role Based Access Controls (RBAC) and Authentication with different providers like SAML, LDAP or Active Directory.

Performance benefits of on-prem

Meeting any company governance requirements and performance benchmarks is straightforward if the feature flag software is self-hosted on-premises or even in the cloud. Because your software team is in control, as it is hosted inside the company’s network, the team can personally guarantee uptime, latency, and other performance metrics related to the software.

Feature flagging software hosted inside the same network can mean faster network calls, as requests don’t need to go through the public internet. The network proximity makes the communication faster between your team’s software and the feature flagging software. You could also switch to non-HTTPS communication between your services and the feature flagging software as they are in the same network, trading encryption in transit on that hop for speed. Generally speaking, HTTP is faster than HTTPS.

Picture this: you have many microservices running in your Kubernetes cluster hosted on AWS EKS (Elastic Kubernetes Service). If there is a feature flag that is called on each page load, think of all the traffic that needs to go out from your network to the SaaS hosted server. By contrast, if the feature flagging software also lives in the same Kubernetes cluster, it is much faster. You and your team have much more control over how to manage resources for that software.

Flexibility of on-prem

Flexibility is another powerful benefit of self-hosted feature flagging software. Taken together with performance, it is often an important factor in deciding which feature flagging software to choose. Self-hosting Flagsmith provides flexibility, specifically in how it is deployed with the other infrastructure you are running.

Whether you want to run Flagsmith on bare metal or in your private cloud, that’s your choice. If you need it to work seamlessly with the technologies you use today, Flagsmith works with Kubernetes, OpenShift, Oracle, SQL Server, and more. With our Enterprise offering we even build custom integrations to the technology stack you use if they are not available already.

Open source, the cherry on top

Many of the benefits of a self-hosted deployment of Flagsmith are amplified by the fact that Flagsmith is open source. This makes it even more secure, and even easier to have it work with your existing technology stack.

Because Flagsmith is primarily open source, and the closed source features are source available, it is not a black box. Your team can dig in and confirm the integrity and security of the software you are running.

Since Flagsmith is open source, you can contribute to the code of the project. If you are looking for a specific integration, feature, or even UI change, you can take matters into your own hands and contribute to the open source project with a pull request. This control and self-reliance cannot be realized with a closed source product. And any contributions you make help improve the experience for other users as well.

Now that you know that self-hosted feature flags have these benefits, next we will discuss how easy it is to self-host Flagsmith on-prem.

Flagsmith self-hosted is easy to deploy

Flagsmith can be easily self-hosted in-house on-premises. Flagsmith supports multiple infrastructure platforms like Kubernetes and OpenShift. You can quickly get the platform running with our docker-compose offering. As our API and frontend both are containerized, running the whole Flagsmith stack on your software team’s Kubernetes cluster is very straightforward. Of course, your Kubernetes cluster can be on Amazon EKS, Google Cloud GKE, Azure AKS, or even a self-managed cluster on bare metal. We provide containers, your team decides where and how to run them.

On Kubernetes, you can effortlessly leverage our Helm charts to get up and running in minutes. For OpenShift we provide an operator that does the heavy lifting for you.

We also provide various clients in multiple languages from JavaScript and Node.js to Golang, from Ruby and Python to iOS. If your software team writes applications in one of the popular languages, we have a client ready to be used. The containers keep your DevOps/SRE team happy and the easy-to-use clients keep the software engineers delighted. Now that you are convinced it is easy to set up Flagsmith, and your software engineers are happy too, next up we will dive into the benefits of keeping your feature flagging software inside your own infrastructure.


Just because your software team works for a bank or in a heavily regulated sector like healthcare doesn’t mean they have to miss out on how modern software teams work with feature flags. With Flagsmith on-premises your team can have feature flags and reap all the benefits we have discussed: optimal control, high performance, stricter security, and high flexibility. Don’t limit your software teams’ potential. Embrace the “deployment is not a release” philosophy, and release software incrementally, and thus safely, with feature flags.

The best way to deploy Flagsmith on-premises is with our Enterprise License. As an Enterprise customer, you get our help with your software team’s deployment process. Please contact us if you are interested in a self-hosted deployment of Flagsmith.

About the Author: Geshan Manandhar is a software engineer and blogger. Read more content on his personal blog.