Pricing

Three tiers.
No surprises.

Start with managed early access, license the self-hosted binary, or move to Enterprise for source-available access and independent audit rights.

Managed

We run mezhub for you

Early access

A managed mezhub instance provisioned per tenant on our infrastructure. Closed-source signed binary, your data in your tenant. Sign up on cloud.mezite.com — pricing during early access is set per deployment.

Try Managed
  • Managed mezhub instance provisioned per tenant
  • SSH certificate-based authentication
  • Session recording (local or S3)
  • RBAC with deny rules
  • OIDC / SAML / GitHub SSO
  • Audit log
  • We run the control plane; you keep your data in your tenant

Self-Hosted

Run on your infrastructure

Talk to us

Licensed signed binary you run on your own infrastructure. Full feature set. Closed source — distributed only as signed binaries and container images. Contact sales for license terms and pricing.

Get a License
  • Signed mezhub binary + container image
  • Full RBAC with deny rules
  • OIDC, SAML, LDAP/AD, GitHub SSO
  • Session recording (local FS or S3)
  • Access requests & JIT access
  • Per-session MFA (TOTP, WebAuthn)
  • Agent identity (mezd identity / SPIFFE)
  • Trusted clusters for cross-cluster SSH
  • Email support

Enterprise

Source access included

Custom

Self-Hosted plus a source-available license. Your security team gets the full source for independent review, scanning, and compliance — under a non-redistributable enterprise license.

Talk to Sales
  • Everything in Self-Hosted
  • Source-available license for audit & scanning
  • Reproducible builds you can verify against shipped binaries
  • Independent SAST / DAST and pentest rights
  • Moderated sessions (peer / moderator join modes)
  • Device trust enforcement
  • Dedicated security engineer & SLA
  • Onboarding and architecture review
  • Priority CVE pre-disclosure
Why closed source?

Controlled distribution, audited where it matters

Mezite ships as signed binaries and container images. We do not publish source publicly. This is a deliberate commercial and security posture: it keeps the build pipeline and key material under our control, and reduces the surface available to opportunistic source scanning.

For customers who require source-level review — security teams, auditors, regulated industries — Enterprise customers receive a source-available license with rights to read, audit, scan, and pentest the codebase. See Enterprise Source Access for terms.

What counts as an identity?

Users, machines, and AI agents

An identity is anything that authenticates through Mezite and receives a certificate — human users via SSO, and agent identities managed by mezd identity (CI/CD pipelines, services, automation).

Users

Human engineers, operators, and admins who SSH into nodes

Machines

CI/CD pipelines, services, and automation via mezd identity

FAQ

Common questions

Is Mezite open source?

No. Mezite is closed source and proprietary. We distribute signed binaries and container images only. Enterprise customers receive a source-available license for audit and scanning purposes.

Can I see the source before buying Enterprise?

We provide source-access evaluation under NDA for serious Enterprise prospects. Contact sales@mezite.com. The Managed and Self-Hosted tiers do not include any source access.

How do I trust a closed-source security product?

Through reproducible builds (verifiable via `make reproducible-build-check`), cosign-signed releases, and responsible disclosure. Enterprise customers can additionally inspect, scan, and pentest the source themselves under the source-available license.

What does the Managed tier include today?

Managed is currently in early access. We provision a dedicated mezhub instance per tenant on our infrastructure; pricing is set per deployment while we shape the long-term tiers. Reach out via cloud.mezite.com or sales@mezite.com.

Do agent identities count too?

Yes. Every identity that authenticates through Mezite counts — human users via SSO, and agent identities issued through mezd identity (CI/CD pipelines, services, automation).

Can I redistribute the Enterprise source?

No. The Enterprise license grants read, audit, scan, and pentest rights to your organization. Redistribution, public release, or building competing products from the source is not permitted.

Closed source · signed binaries

Pick the tier that fits how you want to run it

Sign up for managed early access, license the binary for your own infrastructure, or step up to Enterprise for source-available review.

Try Managed Contact Sales