Skip to content
GOVERN Admin

Air-Gapped Deployment

Air-gapped deployment allows GOVERN to run entirely on-premises with no internet connectivity required. All AI scoring models and detection libraries are bundled in the container images.

What changes in air-gapped mode

  • Scorer models run on-premises (bundled in the API container)
  • No telemetry is sent to Archetypal
  • License validation is offline (requires a license token generated at provisioning)
  • Detection database updates must be imported manually from offline packages

Setup

Step 1: Transfer images

Download container images on an internet-connected machine and transfer via approved media:

Terminal window
# On internet-connected machine
docker save archetypal/govern-api:latest | gzip > govern-api.tar.gz
docker save archetypal/govern-agent:latest | gzip > govern-agent.tar.gz


# Transfer govern-api.tar.gz and govern-agent.tar.gz via approved media

Step 2: Load images

Terminal window
docker load < govern-api.tar.gz
docker load < govern-agent.tar.gz

Step 3: Configure offline mode

govern-config.yml
deployment:
  offline_mode: true
  license_token: "eyJhbGciOiJSUzI1NiJ9..."  # Provided at provisioning
  scorer_backend: local  # Use bundled models, not external APIs

Step 4: Start GOVERN

Terminal window
docker compose -f govern-airgapped.docker-compose.yml up -d

Updating detection rules offline

Download the latest detection package from the Archetypal secure portal and import:

Terminal window
govern-admin detection-rules import --file govern-rules-2026-04.pkg