The on-prem portal is only accessible under the organization that has on-prem enabled. If you don’t see it, switch to that organization in the account switcher.
Service Account
A service account is created for your account, this service account has the following accesses:- Access to a private artifact registry, which is used to host cartesia provided container images.
- Access to a common storage bucket:
gs://cartesia-onpremcontaining the deployment configurations. - Access to two private storage buckets used for hosting customer specific artifacts:
gs://cartesia-{name}(production) andgs://dev-cartesia-{name}(dev).
Customer Artifact Buckets
Two customer-specific buckets host voice migrations etc that your self-hosted deployment consumes at runtime:gs://cartesia-{name}— production artifactsgs://dev-cartesia-{name}— dev artifacts, for testing voices and pronunciation dictionaries before adding them to production
migrations/v2/migrations/.
Files land in migrations/v2/migrations/ when you call POST /onprem/add-voices or POST /onprem/add-pdict against the Cartesia cloud API. Pass dev_bucket: true to either endpoint to target the dev bucket. See Managing Artifacts for the migration APIs and hot-reload behavior.
Deployment Configurations
Thecartesia-onprem bucket contains versioned repository cartesia-kube which holds all of our deployment configurations.
cartesia-kube contains everything needed for all deployment methods:
Configuration Files
Each deployment method has its own configuration file insidecartesia-kube. Copy the .example file, fill in your values, and reference it during deployment.
Container Registry
Images are hosted atus-docker.pkg.dev/cartesia-external/self-serve and tagged with a release tag (e.g. sonic-20251118). The full image reference format is:
Images
NATS uses a public image and does not need to be pulled from the Cartesia registry.
Listing Available Tags
List available image tags sorted by most recent:cartesia-sonic-api with any image name from the table above. The ~ prefix sorts in descending order, showing the latest tags first.
Mirroring to a Private Registry
For air-gapped or network-restricted environments, mirror images to your own registry before deployment. Authenticate Docker with the service account:infra.imageRegistry (Helm) to your private registry URL.