HiveKey

Product

OverviewScopeGuardLogEnforcementPlatform & gatewayIntegrations

Solutions

Security teamsPlatform engineeringCompliance & GRCPII & data protectionAI & ML teamsBy industryUse cases

Developers

DocsHow it worksAPI referenceMCP governanceMCP directory

Resources

BlogLearnGlossaryCompareComplianceTrust center

Company

AboutTeamContact
Pricing Book a demo
Enterprise pricing · private beta

Priced to your fleet, not a seat count.

HiveKey is an enterprise control plane. We size every engagement to your agents, your deployment, and your security review — there's no self-serve tier. Here's what each plan includes; we set pricing with you before any contract.

Plans and pricing

Pilot

Prove HiveKey on your highest-risk agents, with our team.

Design partner

Scoped paid pilot — set with you

Book a demo
  • Your highest-risk agents under policy
  • Scope, Guard & Log on every action
  • 1 immutable audit trail
  • Hands-on onboarding with our team
  • Success criteria agreed up front
  • Direct line to the founders
Most popular

Enterprise

Govern every agent across the org under one policy.

Talk to sales

Priced to your fleet — not per seat

Talk to sales
  • Unlimited governed agents
  • RBAC roles + approval workflows
  • SSO / SAML & SCIM provisioning
  • SIEM streaming (Splunk, Datadog, S3)
  • Tamper-evident audit, custom retention
  • Priority support + shared Slack channel

Self-hosted

Run the full control plane inside your own perimeter.

Custom

annual contract · procurement-ready

Contact us
  • Self-hosted or private cloud (VPC)
  • BYO KMS / secrets · data residency
  • Dedicated tenant isolation
  • Custom uptime SLA + named TAM
  • Security review, DPA & MSA support
  • Air-gap friendly deployment

HiveKey is in private beta — we set pricing with you based on your fleet and needs. Public pricing lands at general availability. Talk to us for a quote.

Every plan includes

Scope, Guard & Log on every action
Enforcement in the path — no bypass
Encryption in transit and at rest
Credential vaulting for upstream keys
Agent registry with instant revoke
Email, payments, calendar & MCP gating
Compare plans

Every feature, side by side.

Grouped by the controls that wrap each action — Scope, Guard, and Log — plus how you run them across the fleet.

Feature Pilot Enterprise Self-hosted
Scope
Governed agents Your top agents Unlimited Unlimited
Role-based scopes
Per-action capability grants
Approval workflows
Custom roles & inheritance
Guard
Policy enforced in the path
Spend caps & rate limits
Domain & destination allow-lists
Sign-off thresholds
Custom policy expressions
Log
Immutable action log
Log retention Pilot window Custom Custom
Export (CSV / JSON)
SIEM streaming
Tamper-evident hash chain
Fleet
Agent registry
Instant kill switch
SSO / SAML
SCIM provisioning
Environments (dev / staging / prod) Pilot scope Unlimited Unlimited
Security
Encryption in transit & at rest
Credential vaulting
Tenant isolation Shared Shared Dedicated
Self-hosted / VPC
Data residency controls
Support
Email & community
Priority support
Shared Slack channel
Uptime SLA Custom Custom
Named technical account manager
Included Not included ★ Most popular
Pricing FAQ

Questions before you commit.

Still unsure? Our team will walk you through pricing on a call.

How does HiveKey price?

Per agent identity you put under HiveKey — an automation, a vendor bot, an internal service — not per seat and not per action. We size each engagement to your fleet, your deployment, and your security review, and confirm pricing with you before any contract. Usage spikes don't turn into billing surprises.

Is there a self-serve or free tier?

No. HiveKey is an enterprise control plane, sold through a demo and a scoped pilot, with hands-on onboarding from our team. We don't offer a sign-up-and-go tier — governing the agents that touch your money, data, and production is not something you should wire up alone.

Is HiveKey generally available?

Not yet. HiveKey is in private beta with a small group of design partners. The plans here are the shape of what's included, not final numbers — we confirm scope and pricing with you before any contract. Design partners lock in preferential terms.

Can we run it in our own environment?

Yes. On the Self-hosted plan the full control plane runs inside your own VPC or on-prem, with your own data stores and KMS, so no action data leaves your perimeter. We provide a reference architecture for your stack and support air-gapped deployments.

How do procurement and security review work?

We're built for it. We support security questionnaires, DPA and MSA review, and your vendor-onboarding process, and we share our Trust Center, SOC 2 direction, and subprocessor list up front. Your security and legal teams are part of the engagement from day one.

What does a pilot look like?

A scoped, paid pilot on your highest-risk agents, with success criteria agreed up front and our team hands-on through setup, roles, audit, and SSO. You see HiveKey scope, guard, and log real actions on your own agents before any broader rollout.

Evaluating against the alternatives? See the full comparison or read about how we secure your data.

Ready to put your agents under one policy?

Join the private beta and we'll help you scope roles, wire up audit, and connect SSO.

Book your 30-min demo Talk to us