Everything you need to know about Plane air-gapped

"It's a non-starter unless you can guarantee zero external connections," - CISO, U.S. federal contractor.

His voice carried the unmistakable tension of someone who'd just spent hours in a compliance review meeting. "We love your platform, but our federal contracts require complete isolation. Not 'minimal connections' or 'only essential traffic'—I mean nothing leaves our network. Is that something you can do?"

That call came on a Thursday afternoon last year, just as we were celebrating a major enterprise win. By Monday morning, our leadership had made the decision: we would build a truly air-gapped version of Plane. Six months later, what started as a frantic customer request has become one of our most strategic product offerings.

After months of development, our air-gapped capability has reached general availability. This post explores the journey of building this specialized deployment option for regulated industries where data sovereignty isn't just preferred—it's mandatory.

What regulated teams asked for

The demand for truly isolated software environments has been consistent across several regulated industries. Defense contractors operating under International Traffic in Arms Regulations (ITAR) require complete network isolation. Government Cloud (GovCloud) users need Federal Risk and Authorization Management Program (FedRAMP) compliant solutions with no external dependencies. Healthcare organizations handling Protected Health Information (PHI) and financial institutions managing sensitive transaction data both face similar constraints.

Even with our robust self-hosted option, we kept hearing the same feedback from legal and compliance teams: "Private cloud" solutions that still require Virtual Private Network (VPN) tunnels don't meet their stringent requirements.

Strategic fit

Developing an air-gapped deployment option completes Plane's deployment trilogy:

  1. Cloud → Our fully-managed SaaS offering with all the convenience and none of the maintenance
  2. Self-Hosted → Customer-managed deployment with control over data residency
  3. Air-Gapped → Complete isolation for the most stringent security requirements

This strategic expansion de-risks our enterprise growth by unlocking access to six-figure deals that were previously blocked by technical security requirements. Several such deals were already in our pipeline, but couldn't progress past security reviews until we offered a truly air-gapped option.

More importantly, the air-gapped version gives us a hardened security baseline that benefits every Product Stock Keeping Unit (SKU) in our portfolio. All deployment options now leverage:

  • Comprehensive supply-chain scanning to validate components
  • Rigorous CI/CD pipeline validation with hermetic builds
  • Detailed artifact provenance verification

What started as a specialized requirement has evolved into a company-wide commitment to security excellence that strengthens our entire product line.

What an "air-gap" means in Plane

Building a truly air-gapped solution required rethinking how every component of Plane operates. Here's a practical breakdown of the key differences between our deployment options:

| Component | Cloud / Self-Hosted | Air-Gapped |
| --- | --- | --- |
| Images | Pull from registry | Pre-bundled in 2 GB `.tar.gz` |
| Licensing | Online "Prime" ping | Offline, encrypted, version-pinned |
| Updates | `plane upgrade` CLI | Full container swap, preserves data |
| Telemetry | Opt-in analytics | Disabled by default |

With an air-gapped installation, your Plane instance lives completely within your security perimeter. There are no outbound connections whatsoever—not even for license verification or updates. This complete isolation is what distinguishes a true air-gapped solution from other "private" or "isolated" deployment options that still maintain some connection to external networks.


Everything you need arrives in a single, cryptographically verified package. This includes all container images, frontend assets, and even the monitoring tools. When you need to update, you receive a complete new package that can be physically transferred into your secure environment via approved channels—ensuring your workflow is never compromised by external dependencies.

Inside the build

Immutable package

The foundation of our air-gapped solution is a single, self-contained artifact that bundles everything needed to run Plane without external connections. This immutable package includes:

  • Nine service-specific Docker images (admin, backend, email, live, monitor, proxy, silo, space, web)
  • Four dependency Docker images (PostgreSQL, RabbitMQ, MinIO, Valkey)
  • Configuration templates (docker-compose.yml and plane.env)
  • Installation script with integrity verification

Every component is accompanied by a SHA-256 manifest that's cryptographically signed during our CI process. This ensures the package you receive hasn't been tampered with during transfer or storage.
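
What checking such a manifest involves on the receiving side, as an added example (not Plane's installer code): it compares an unpacked bundle with a `sha256sum`-style manifest and reports altered files, missing files, entries that point outside the bundle, and files the manifest never listed. The manifest name `SHA256SUMS`, the `.asc` signature name and the sample files are assumptions, and the manifest's signature is assumed to have been verified already with a key obtained out of band.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so multi-GB image archives never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_bundle(bundle_dir, manifest="SHA256SUMS"):
    """Compare an unpacked bundle with its manifest; all-empty lists mean clean."""
    # Assumed: sha256sum-style lines and an already-verified manifest signature.
    root = Path(bundle_dir).resolve()
    report = {"mismatch": [], "missing": [], "rejected": [], "unlisted": []}
    seen = {root / manifest, root / (manifest + ".asc")}
    for line in filter(str.strip, (root / manifest).read_text().splitlines()):
        digest, name = line.split(maxsplit=1)
        target = (root / name.lstrip("*")).resolve()
        if root not in target.parents:      # entry escapes the bundle directory
            report["rejected"].append(name)
        elif not target.is_file():
            report["missing"].append(name)
        else:
            seen.add(target)
            if sha256_file(target) != digest.lower():
                report["mismatch"].append(name)
    for path in sorted(root.rglob("*")):    # files the manifest never vouched for
        if path.is_file() and path not in seen:
            report["unlisted"].append(str(path.relative_to(root)))
    return report


def demo():
    """Constructed bundle: one intact file, one altered, one smuggled in."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plane.env").write_text("A=1\n")
        (root / "docker-compose.yml").write_text("services: {}\n")
        lines = [f"{sha256_file(root / n)}  {n}" for n in ("plane.env", "docker-compose.yml")]
        lines.append("0" * 64 + "  ../outside.tar")        # traversal attempt
        (root / "SHA256SUMS").write_text("\n".join(lines) + "\n")
        (root / "docker-compose.yml").write_text("services: {x: {}}\n")  # altered after signing
        (root / "extra.sh").write_text("#!/bin/sh\n")       # absent from manifest
        return verify_bundle(root)
```

The unlisted-file check matters as much as the hash comparison: a manifest only vouches for the files it names, so anything else found in the bundle directory is unverified content.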

Offline installer

The heart of our air-gapped deployment is the `install.sh` script, which manages the entire setup process without requiring external connectivity. After you download the package on a connected machine and transfer it to your air-gapped environment, the installation is straightforward.

The installer guides you through configuration and then:

  1. Loads all Docker images into your local registry
  2. Configures environment variables including a unique MACHINE_SIGNATURE for your installation
  3. Sets up a complete directory structure with separate data and logs directories
  4. Validates installation integrity with built-in verification checks

Air-gap testing

To ensure true isolation, we've rigorously tested the entire deployment process in environments with zero external connectivity. Our test environments simulate the strict network restrictions found in regulated industries, with security controls that flag and block any attempted external connections.

This testing approach has helped us refine our installation process to work flawlessly even in the most restrictive network environments, ensuring that when you deploy Plane in your air-gapped environment, it simply works.

Hard problems, solved

Supply-chain trust

The biggest security challenge in air-gapped environments is establishing trust in the software supply chain. Without internet connectivity, you can't verify packages against online repositories or check for vulnerabilities in real-time. We've solved this with a multi-layered approach:

  1. Reproducible builds - Our CI pipeline generates deterministic artifacts that can be independently verified and always produce the same checksum given identical inputs.
  2. Cryptographic signing - Every package is signed with our organizational GPG key, which is published on public key servers, and the signature is verified during installation.
  3. Artifact provenance - We include a comprehensive chain-of-custody record with each package, documenting every build step and dependency.

These measures ensure that when you install Plane, you can be confident it's exactly what our development team built—nothing more, nothing less.

External integrations

Project management software typically relies heavily on external services, which presents a challenge in air-gapped environments. We've addressed this by implementing a webhook proxy pattern:

  1. All external integration points are clearly documented
  2. Integration configuration includes connection specifications
  3. An integration allowlist lets your security team selectively open specific ports inside your DMZ

For example, if you need GitHub integration, our documentation provides exact network requirements that your team can review, approve, and implement according to your security policies.
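
A check an operator could run on the Plane host to confirm what the air-gap testing and the integration allowlist described above promise, as an added example (not Plane's tooling): it parses constructed `ss -tn`-style lines and reports every peer outside the enclave that is not an exact allowlisted host-and-port pair. The subnets, the DMZ proxy address and the function names are assumptions.

```python
import ipaddress

# Constructed `ss -tn`-style lines (state, queues, local, peer); addresses are made up.
SAMPLE = """\
ESTAB 0 0 10.0.4.12:51432 10.0.4.20:5432
ESTAB 0 0 10.0.4.12:40022 10.20.0.15:443
ESTAB 0 0 10.0.4.12:40310 10.20.0.15:22
SYN-SENT 0 1 10.0.4.12:55810 203.0.113.9:443
ESTAB 0 0 [::1]:41000 [::1]:6379
"""

# Assumed enclave subnets and a hypothetical DMZ webhook proxy opened on one port.
ENCLAVE = [ipaddress.ip_network(n) for n in ("10.0.4.0/24", "127.0.0.0/8", "::1/128")]
ALLOWLIST = {("10.20.0.15", 443)}


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, int port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def audit_egress(ss_output, enclave=ENCLAVE, allowlist=ALLOWLIST):
    """Return (peer, port, state) for each connection that leaves the enclave
    without matching an allowlisted host-and-port pair exactly."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            peer, port = split_endpoint(fields[4])
        except ValueError:          # header row or unparsable peer column
            continue
        inside = any(peer in net for net in enclave)  # v4/v6 mismatch is simply False
        if not inside and (str(peer), port) not in allowlist:
            findings.append((str(peer), port, fields[0]))
    return findings
```

Matching on the host-and-port pair rather than the host alone is what catches the SSH connection to the otherwise approved proxy; a `SYN-SENT` entry to an outside address shows an attempt even when the firewall drops it.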

Keeping size manageable

Air-gapped packages can quickly grow unwieldy, making physical transfer difficult. We've optimized our package to a manageable 2 GB through several techniques:

  1. Multi-stage builds - Our Docker images use multi-stage builds to eliminate development dependencies
  2. Layer optimization - We carefully arranged Dockerfile layers to maximize reuse across services
  3. Pruning debug symbols - Production images are stripped of debugging information
  4. Delta compression - For updates, we've implemented a delta compression system between versions

These optimizations ensure that transferring Plane into your secure environment remains practical, whether through approved USB devices or internal artifact repositories.

Customer zero

Our first air-gapped deployment was with a defense contractor working under ITAR (International Traffic in Arms Regulations) restrictions. Their requirements were among the strictest possible: no internet connectivity whatsoever, physical isolation, and compliance with federal security controls.

The deployment process was remarkably smooth—from receiving the tarball to first login took just 45 minutes. According to their security team, Plane "met ITAR enclave rules with zero code changes required," a testament to our design approach.

What surprised the customer most was performance. Without the latency of internet connectivity, their air-gapped deployment actually delivered faster response times than our SaaS offering.

What's next

We're just getting started with our air-gapped offering. Here's what's on our roadmap:

Semi-automated updater

We're developing a streamlined update mechanism that works with either USB drives or internal artifact proxies. This will simplify the upgrade process while maintaining strict security isolation.

Air-gap friendly Marketplace

We're building a signed bundle of vetted plugins and integrations that can be included with air-gapped deployments. This will provide the extension capabilities of our marketplace without requiring internet connectivity.

FIPS-validated crypto modules

For our government customers with the strictest security requirements, we're working on FIPS 140-2/3 validation for all cryptographic modules. This work is already in progress and will enable use in Federal High security contexts.

Ready for air-gapped deployment?

If your organization operates in regulated industries like defense, healthcare, or finance—or if you simply need the highest level of data isolation—Plane's air-gapped deployment might be exactly what you've been looking for.

Our security team specializes in helping organizations navigate the unique challenges of air-gapped environments. They'll work with you to evaluate requirements, plan the deployment, and ensure a smooth implementation that meets your security and compliance needs.


Because in environments where nothing can leave the network, the right software still needs to deliver everything.

This article was collaboratively written by the Plane engineering, security, and marketing teams.