Teams & self-hosting

Self-hosted Roblox asset pipeline your studio controls.

Bulk Open Cloud uploads, local libraries, model package updates, and InsertService scripts — deployed on your infrastructure. No multi-tenant SaaS. No vendor holding your API keys.

MIT · Docker-ready · Optional audit logs · Roblox Open Cloud only

Why studios choose Studio Vault

Pipeline tooling you can audit — not rent.

Same local-first workflow solo developers love — packaged for security review and team operations.

Bulk Open Cloud uploads

Queue images, audio, models, and meshes with concurrency control, retries, and per-item status — the daily pipeline Creator Dashboard wasn't built for.

Model package PATCH

Replace FBX content on an existing rbxassetid without breaking references. Ship iterative art passes without re-wiring every script.

InsertService scripts

Generate Luau loaders from your library for instant Studio workspace loading during development and QA.

Multi-profile groups

Separate credential profiles per user or group. Switch from the header before each batch — keys encrypted in IndexedDB, never on the server.

Zero telemetry

No analytics, no third-party CDNs, no cloud-synced libraries. MIT licensed. Auditable source you can fork and deploy.

Security architecture

One egress path. Full transparency.

Browser → your Next.js proxy → Roblox Open Cloud. Nothing else. Read the threat model.

Never leaves your network

  • Asset library metadata (IndexedDB)
  • Credential profile metadata (localStorage — labels and creator IDs only)
  • Encrypted API keys and webhook secrets (IndexedDB credential vault)
  • API keys on the server (never stored server-side by default)
  • File bytes after upload completes (not persisted on server)
  • Telemetry or analytics payloads

During upload only

API keys travel per-request from the browser to your proxy, then to Roblox. They are not written to server disk, logged, or stored in a database. Optional audit logs record asset metadata — never secrets.

Deployment options

Run it where your policies allow.

Docker is the primary path. Full env var reference and reverse-proxy examples in docs/DEPLOYMENT.md.

Docker (recommended)

Multi-stage production image, non-root user, port 3000.

deploy.sh
docker build -t studio-vault .
docker run -p 3000:3000 \
  -e NEXT_PUBLIC_SITE_URL=https://vault.yourstudio.com \
  studio-vault

npm build + start

Standard Node deployment behind your existing reverse proxy.

build.sh
npm ci
npm run build
npm start

Behind reverse proxy

Terminate TLS at nginx, Caddy, or Cloudflare Access. Inject SSO actor headers for audit logs.

nginx.conf
# nginx — forward actor from SSO
proxy_set_header X-Studio-Vault-Actor $remote_user;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Team workflows

Collaborate without a cloud backend.

Git-backed library sync, profile conventions, and optional audit trails. Team workflow guide.

Git-backed library sync

Export library.json or CSV from any teammate's workspace. Commit the canonical manifest to your game repo. Others import or merge on pull.

Encrypted credential vault

Device-bound AES-GCM encryption by default. Optional passphrase vault with auto-lock for shared machines — metadata stays visible when locked.

Credential profiles per group

Label profiles by experience or publishing group. Document which Open Cloud key maps to which creator ID in your internal runbook — keys never go in Git.

Optional audit logging

Enable RBLXUPLOADS_AUDIT_LOG=1 on your instance. Structured JSON lines per upload — actor, asset ID, status — never API keys or file contents.

CI/CD via CLI

Headless studio-vault upload for pipelines. Machine-readable JSON lines, env-based credentials, GitHub Actions examples in docs/CI.md.

Git sync flow

library.manifest.json
Artist exports library.json
Repo stores canonical .studio-vault/manifest
Teammate merges into local IndexedDB

No server database. No vendor sync. Your game repo is the source of truth for asset metadata.

Comparison

Studio Vault vs alternatives

Honest positioning for procurement and engineering leads.

| Capability | Studio Vault | Creator Dashboard | Build in-house |
| --- | --- | --- | --- |
| Bulk upload queue with retries | Yes | Partial | Yes |
| Local searchable asset library | Yes | No | Partial |
| Model package in-place PATCH | Yes | Partial | Yes |
| InsertService script generator | Yes | No | Partial |
| Self-hosted / air-gapped deploy | Yes | No | Yes |
| Encrypted credential vault (device + passphrase) | Yes | No | Partial |
| Zero telemetry by default | Yes | No | Partial |
| Time to ship | Minutes | Immediate | Weeks–months |
| Maintenance burden | Low (OSS updates) | None | High |

Partial (◐) = limited or manual workflow. Creator Dashboard excels at one-off publishing; Studio Vault targets daily pipeline work at studio scale.

FAQ for security reviewers

Questions IT and procurement ask

Keys, data residency, logging, SSO proxy patterns — answered for your security review packet.

Where are Open Cloud API keys stored?

Profile metadata (labels, creator IDs) lives in browser localStorage. API keys and webhook secrets are encrypted in IndexedDB with AES-GCM — device-bound by default, or passphrase-protected for shared machines. During upload, keys travel per-request from browser → your self-hosted proxy → Roblox. For CI, keys live in the pipeline secret store or runner env, not in the Studio Vault instance.

What data leaves our network?

Only upload requests to Roblox Open Cloud (file bytes + asset metadata required by the API). Library data, credential profiles at rest, and telemetry never leave your controlled environment unless you explicitly export them.

Where does data reside?

Asset libraries live in each user's browser IndexedDB. Self-hosted Studio Vault stores no user database. Optional audit logs write to stdout or a file path you configure on your infrastructure.

What gets logged when audit logging is enabled?

Timestamp, event type (create/patch), optional actor header, creator ID/type, asset ID, display name, file name, asset type, status, duration, and request ID. API keys, file contents, and raw Roblox error payloads with secrets are never logged.
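A reviewer can test this claim against a captured audit log from their own instance. The checker below is an added example, not Studio Vault code: the JSON key names are assumptions mapped from the field list above, and the secret patterns are heuristics.

```javascript
// Added example. Key names are assumed from the FAQ's prose field list;
// adjust them to the keys your instance actually emits.
const ALLOWED_FIELDS = new Set([
  "timestamp", "event", "actor", "creatorId", "creatorType", "assetId",
  "displayName", "fileName", "assetType", "status", "durationMs", "requestId",
]);

// Heuristics for values that should never appear in an audit line.
const SECRET_PATTERNS = [
  { name: "long-token", re: /[A-Za-z0-9+\/_=-]{40,}/ }, // opaque key-like run
  { name: "auth-header", re: /\b(x-api-key|authorization|bearer)\b/i },
];

function checkAuditLine(line, lineNo) {
  let record;
  try {
    record = JSON.parse(line);
  } catch {
    return [{ lineNo, issue: "not-json" }];
  }
  if (record === null || typeof record !== "object" || Array.isArray(record)) {
    return [{ lineNo, issue: "not-object" }];
  }
  const findings = [];
  for (const [key, value] of Object.entries(record)) {
    if (!ALLOWED_FIELDS.has(key)) findings.push({ lineNo, issue: "unexpected-field", key });
    const text = typeof value === "string" ? value : JSON.stringify(value);
    for (const { name, re } of SECRET_PATTERNS) {
      if (re.test(text)) findings.push({ lineNo, issue: name, key });
    }
  }
  return findings;
}

function checkAuditLog(text) {
  return text.split("\n")
    .map((line, i) => ({ line: line.trim(), lineNo: i + 1 }))
    .filter(({ line }) => line !== "")
    .flatMap(({ line, lineNo }) => checkAuditLine(line, lineNo));
}

// Constructed sample: line 1 is clean, line 2 carries a key in an extra field.
const SAMPLE_LOG = [
  '{"timestamp":"2025-01-01T00:00:00Z","event":"create","actor":"artist@example.com","creatorId":"123","creatorType":"group","assetId":"456","displayName":"Crate","fileName":"crate.fbx","assetType":"Model","status":"ok","durationMs":812,"requestId":"req-1"}',
  '{"timestamp":"2025-01-01T00:00:05Z","event":"patch","assetId":"456","status":"error","apiKey":"CONSTRUCTEDconstructedCONSTRUCTEDconstructed0123456789"}',
].join("\n");

console.log(checkAuditLog(SAMPLE_LOG));
```

Long file names can trip the `long-token` heuristic, so treat findings as items to inspect rather than confirmed leaks.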

Can we integrate SSO?

Studio Vault has no in-app user accounts. Place it behind your identity proxy (Cloudflare Access, oauth2-proxy, nginx auth) and forward X-Studio-Vault-Actor or X-Forwarded-Email when RBLXUPLOADS_TRUST_PROXY=1 for audit attribution. See docs/DEPLOYMENT.md.
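Because these headers are only trustworthy when every request passes through the identity proxy, attribution should fail closed. The sketch below is an added example, not Studio Vault's implementation: the header precedence, length cap and rejection rules are assumptions, while the header and env var names are the ones given above.

```javascript
// Added example, not Studio Vault source. Precedence, the length cap and the
// rejection rules are assumptions; header and env names come from the page.
const ACTOR_HEADERS = ["x-studio-vault-actor", "x-forwarded-email"];
const MAX_ACTOR_LENGTH = 254;

function resolveAuditActor(headers, env) {
  // Identity headers are client-controlled unless a trusted proxy overwrites them.
  if (env.RBLXUPLOADS_TRUST_PROXY !== "1") return null;

  const byName = new Map();
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    // The same header arriving twice means something upstream did not overwrite it.
    if (byName.has(key) || Array.isArray(value)) byName.set(key, null);
    else byName.set(key, value);
  }

  for (const name of ACTOR_HEADERS) {
    const value = byName.get(name);
    if (value === undefined) continue;          // header absent, try the next one
    if (typeof value !== "string") return null; // duplicated or malformed
    const actor = value.trim();
    if (actor === "" || actor.length > MAX_ACTOR_LENGTH) return null;
    // Control characters or a comma (a joined duplicate) make the value ambiguous.
    if (/[\u0000-\u001f\u007f,]/.test(actor)) return null;
    return actor;
  }
  return null;
}

// Constructed requests: the header is ignored until the trust flag is set.
const TRUSTED = { RBLXUPLOADS_TRUST_PROXY: "1" };
console.log(resolveAuditActor({ "X-Studio-Vault-Actor": "alice" }, {}));      // null
console.log(resolveAuditActor({ "X-Studio-Vault-Actor": "alice" }, TRUSTED)); // "alice"
```

The check does not replace network controls: with the trust flag on, the Node process should accept connections only from the proxy, otherwise a direct client can set the header itself.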

Is this multi-tenant SaaS?

No. Each studio deploys their own instance. There are no shared accounts, billing tiers, or cloud-synced libraries. Team workflows use Git-exported manifests and documented conventions — not a vendor database.

How do teams share libraries without a cloud backend?

Export JSON/CSV from the workspace, commit library.manifest.json to your game repo, and import or merge on other machines. Credential metadata (labels, creator IDs) can export separately — API keys require explicit opt-in with confirmation.

What compliance certifications does Studio Vault have?

Studio Vault is MIT open source you self-host. It is not a SOC 2 certified SaaS. Security reviewers can audit the source, threat model (docs/SECURITY.md), and network diagram on this page. Your compliance posture depends on how you deploy and operate it.

Self-host on your terms.

Deploy with Docker, wire your reverse proxy, and point your team at a URL you control. Need help rolling it out across a studio? studio-vault@starvsk.dev