This information only applies to organizations on the Enterprise plan.
This page describes the basic setup for a private instance of the Buf Schema Registry (BSR). Currently, this requires manual work and communication between Buf engineers and your organization.
Configure your DNS
Your BSR instance is hosted using a custom domain provided by you. For example, if your domain is
might choose to use
buf.example.com as your private BSR server hostname. Once you've chosen a hostname for your BSR
instance, please inform us of the name.
A Buf engineer will provide you with the value for your
CNAME records. The following examples use
example-corp.enterprise.buf.build as a placeholder for this value.
buf.example.com. CNAME example-corp.enterprise.buf.build.
Your private BSR instance will be reachable from the public internet and is protected by SSO and CLI tokens. If your organization requires additional security measures such as IP range restriction, please reach out to discuss.
Private BSR instances only support login through SSO. During setup, a Buf engineer will work with your organization to configure it. See the SSO docs for details and instructions about updating your configuration.
Assign administrative users
After SSO has been configured and the first users have successfully logged in, at least one user needs to be promoted to server administrator. During the setup process, please indicate to your Buf representative which users should be promoted.
After these steps are complete, your private BSR is ready to use.
- Read the user lifecycle page to understand how Buf provisions users in the BSR
- Review the relevant SSO and/or SCIM docs for your Identity Provider (IdP)