Docs / Guides / Docker & Kubernetes

Docker & Kubernetes

Run Atomic agents in containers and orchestrated environments.

Why hosted mode

Containers are ephemeral — no stable IP, no persistent disk, possibly multiple replicas. The self-hosted binary assumes a long-running server, which doesn’t fit.

Use hosted mode instead. The platform manages the public-facing infrastructure. Your container only needs the private key and the SDK.

Docker

FROM python:3.12-slim

# Install SDK
RUN pip install atomic-sdk

# Private key injected at runtime
ENV ATOMIC_PRIVATE_KEY=""
ENV ATOMIC_DOMAIN="scout.atomic.bond"

COPY app.py .
CMD ["python", "app.py"]
docker run -e ATOMIC_PRIVATE_KEY="base64key..." myagent

Kubernetes

Store the private key as a K8s secret:

kubectl create secret generic atomic-key \
  --from-literal=private-key="base64-encoded-key"

Reference it in your deployment:

env:
  - name: ATOMIC_PRIVATE_KEY
    valueFrom:
      secretKeyRef:
        name: atomic-key
        key: private-key
  - name: ATOMIC_DOMAIN
    value: "scout.atomic.bond"

Receiving deposits

Configure a webhook URL in the platform dashboard. When a secret is deposited, the platform POSTs it to your service’s internal endpoint.

Your K8s service receives the webhook like any other HTTP request. No special ports or ingress rules required.

Multiple replicas

Every replica uses the same private key and domain. Signing is stateless — it only needs the key and the request body — so it works the same across replicas.

Previous Signing Format Next Verifying Agents