Skip to content
Truss Docs
Beta — Truss is in public beta. Documentation is actively updated but may not reflect the latest changes. Report issues on GitHub.

Welcome to Truss

Postgres, Auth, OAuth2, Permissions, Storage, Cache, Feature Flags, Realtime, and Webhooks — one dashboard you own, self-hosted.
Get Started View on GitHub

Free and open source — self-host the full platform on your own infrastructure.

What is Truss?

Section titled “What is Truss?”

Truss is the open-source, self-hosted backend console. Think Supabase or Firebase, but you run it yourself — with SSO, ReBAC permissions, OAuth2, API gateway, and feature flags all included in the core.

It provides a unified dashboard and client API for:

  • PostgreSQL — SQL workbench, schema browser + ERD, Auto-REST, pgvector, full-text search, cron jobs, branching, migrations, extensions, and foreign data wrappers
  • Authentication — email/password, social login, passkeys, and MFA (powered by Ory Kratos)
  • Authorization — relation-based access control / ReBAC (powered by Ory Keto)
  • OAuth2 / OIDC — issue tokens and run consent flows as your own identity provider (powered by Ory Hydra)
  • API Gateway — declarative authn/authz in front of your own services (powered by Ory Oathkeeper)
  • Storage — S3-compatible object storage with presigned URLs (powered by MinIO)
  • Cache / KV — Redis-compatible cache and key-value store (powered by Valkey)
  • Realtime — WebSocket subscriptions via PostgreSQL LISTEN/NOTIFY
  • Webhooks — HMAC-signed HTTP callbacks on database changes
  • Feature Flags — runtime flags and targeting (OpenFeature / flagd)

It also ships an MCP server so an AI agent can operate the instance, and built-in observability — Prometheus metrics, OpenTelemetry traces, and structured logs, on by default.

Client API

Section titled “Client API”

Every feature is reachable through a REST API, served on the same origin as the dashboard. Two layers:

  • Data API (/v1/db/:table, /v1/sql) — CRUD your tables, run SQL, call functions
  • Management API (/v1/status, /v1/keys, etc.) — manage the platform from a CLI, bot, or LLM

All client API endpoints require an API key passed via the apikey header.

The open-source core is single-org / single-project; multi-org and multi-project are Truss Cloud features.

Two ways to run it

Section titled “Two ways to run it”
  • Self-host — one command pulls the published images and brings up the whole stack on your own machine or server. No repo clone. Start with the Quickstart, then Self-Hosting for production (Helm, TLS, backups).
  • Truss Cloud — the same platform, hosted and managed, with multi-org, metering, and managed backups. Create an account and skip the ops.

Quickstart

Get a full instance running in one command. Start here.

Database

SQL-over-HTTP, Auto-REST, pgvector, full-text search. Database guide.

API Reference

Full endpoint reference for the client API. REST API docs.