Licensing
How Arctic verifies licenses, what an expired license does, and what a license gates
Every Arctic agent runs against a license. It proves the deployment is authorized, fixes the cluster's identity boundary, and caps how large the cluster can grow.
What a license is
A license is an Ed25519-signed document. The agent verifies its signature against keys that are baked into the agent binary at build time, so verification needs no network call and no external key server. There is no setting that points the agent at a different trust root; the embedded keys are the root.
The agent verifies the license at two points:
- at bootstrap, when an operator first supplies it with
arctic bootstrap --license-file - on every startup, re-checking the stored license against the same embedded keys
An unverifiable license at startup is a hard failure. The agent refuses to start rather than running with a license it cannot trust.
The expiry state machine
A license does not flip straight from valid to dead. It walks through five states, giving an operator warning and a grace window before anything stops. The current state is persisted, so the agent resumes in the right state across restarts.
| State | Trigger | What it allows |
|---|---|---|
| valid | normal | everything |
| warning | within 30 days of expiry | everything; surfaces a warning |
| grace period | expired, within a 14-day grace | everything; fully operational |
| read-only | grace elapsed | reads and the data plane keep working; writes are blocked |
| suspended | read-only elapsed | services stop; most API endpoints are refused |
In the read-only state, traffic keeps flowing and you can still read cluster state, but you cannot create or change peers, services, or routes until the license is renewed. In the suspended state, services stop and most of the API is refused. Renew before the grace window closes to avoid either.
What the license gates
The license controls three things:
- Cluster identity. The license carries the CustomerID that two peers must share before they merge state, so it is the cluster's identity boundary. See Clustering for how that boundary works.
- Deployment size. The license bounds the node count and service count the cluster may run.
- Feature set. The license decides which features the agent enables.
Checking and updating a license
Check the current license and its expiry state:
arctic license statusUpdate to a renewed or upgraded license:
arctic license update --license-file license.jsonBecause the CustomerID is stable across renewals, updating the license keeps the cluster's identity intact while extending its expiry, raising its limits, or changing its feature set.
See also
- Clustering - how the CustomerID anchors cluster identity
- CLI reference - the
licensecommands in full