Deployment Models
Carabaas supports two deployment models, allowing you to start building immediately in a fully managed sandbox and transition to a production setup when ready.
Production
Cosigner 1 runs on your infrastructure, Cosigner 2 is hosted by Carabaas. This provides maximum security with distributed control across independent administrative domains.
Key Properties
- Data residency compliance — your cosigner runs in your jurisdiction, under your cloud account
- AWS Nitro Enclave isolation — all secrets are hardware-isolated from the host OS
- Full governance control — you manage who can unseal, approve, and sign
- Independent cosigners — no single party (including Carabaas) can sign alone
Infrastructure Requirements
| Requirement | Minimum | Recommended |
|---|---|---|
| vCPU | 2 vCPU | 4 vCPU |
| RAM | 4 GB | 8 GB |
| Storage | Encrypted EBS volume | Encrypted, no delete on termination |
| Enclave | Optional (Docker mode) | AWS Nitro Enclave (2 vCPU, 2 GB) |
| Software | Docker, Docker Compose | Docker, Docker Compose |
Network Requirements
| Direction | Target | Purpose |
|---|---|---|
| Outbound | Carabaas API | Platform WebSocket + TLS |
| Inbound | Designated unsealers (port 3443) | HTTPS management interface |
| Inbound | Administrator (SSH) | Server administration |
Access to the cosigner server should be restricted. Only allow connections from selected hosts: administrators (SSH) and designated unsealers (port 3443).
We recommend the organization to own and control access to the cloud account where the cosigner is deployed.
Per-Organization Cosigner
We recommend deploying at least one cosigner per organization. Do not reuse the same cosigner across multiple organizations — each organization should have its own isolated cosigner instance.
See Cosigner Deployment for step-by-step instructions.
Fully Managed (Sandbox)
Both cosigners are hosted by Carabaas. Available in the sandbox environment for testing and development — no infrastructure setup required.
- Instant setup — start building in minutes
- Full API feature parity with production
- Testnet blockchains for end-to-end testing
- No cosigner deployment needed
Comparison
| Feature | Sandbox | Production |
|---|---|---|
| Cosigner 1 | Hosted by Carabaas | Your infrastructure |
| Cosigner 2 | Hosted by Carabaas | Hosted by Carabaas |
| Blockchains | Testnets | Mainnets + Testnets |
| API feature parity | Full | Full |
| Nitro Enclave | Not required | Required for Cosigner 1 |
| Signing control | Carabaas operates both cosigners | You + Carabaas each operate one cosigner |
| Console | sandbox.carabaas.com | console.carabaas.com |
Transition Path
- Build in Sandbox — develop and test your full integration on testnet
- Deploy your cosigner — set up your production cosigner on your infrastructure
- Create production vaults — vault creation generates new MPC keys across both cosigners
- Migrate operations — point your application to production API endpoints
Start in sandbox. Every step works end-to-end on testnet before you go live — no real funds involved.