Usage Limits, Seat Counts and Feature Gates for Self-Hosted Software
SaaS licensing is a solved problem. Enforcing usage limits, seat counts, and feature flags for self-hosted customers is not. Here's how Distr handles it — including fully offline and air-gapped environments.
If your software runs in the cloud and you control the infrastructure, usage enforcement is a solved problem. Seat limit hit? Block the next login. Trial expired? Gate the UI. Feature not in the plan? Don’t render the button. You own the environment, so you own the controls.
Now try doing the same thing when your customer runs the software.
The self-hosted gap
Vendors shipping to on-prem, self-managed, or air-gapped customers run into a wall fast. Your customer controls the environment — and often the application itself. You can’t gate a UI you can’t reach. You can’t block a login against a server you’re not running. And “call home to validate the license” isn’t an option if the customer’s cluster has no outbound traffic.
So what actually happens? Most vendors either skip enforcement entirely in self-hosted environments, or ship something that relies on the customer playing by the rules. Neither is a real answer when seat-based pricing or feature tiers are a meaningful part of your business.
How Distr handles it
We built licensing into Distr with two tools that cover different parts of the problem.
Entitlements control access at the distribution layer — which application versions a customer can deploy, which container images they can pull from your registry. If a customer is on your base tier, they only see what you’ve granted them. No enforcement logic needed on their side.
License Keys handle runtime enforcement inside your application — even when nothing external is reachable.
You define a JSON payload with whatever your application needs to enforce:
{"seats": 25, "plan": "pro", "modules": ["analytics", "reporting"]}Distr issues a signed JWT. Your customer injects it into their environment — an env var, a Kubernetes secret, a mounted config file. Your application verifies the signature at startup using your public key and reads the claims. No network call. No license server. No dependency on Distr being reachable at runtime.
It works fully offline. It works in air-gapped clusters. It is cryptographically secure.
Your application reads seats: 25 and enforces it. Contract expires? Issue a new token with a new expiry. Customer upgrades to a higher tier? New payload, new token. Rotation is on your side — the customer just injects the updated value.
Getting started
License management is available on Pro and Enterprise plans:
- License Management Overview
- Application Entitlements Guide
- Artifact Entitlements Guide
- License Keys Guide
Questions or want to see it in action? Join us in Discord or book a demo.