A Runner is a lightweight execution agent that carries out the actions defined in your Blink workflows. Every runner belongs to a runner group, which determines its deployment location and operational scope.
By default, runners are hosted on Blink’s secure cloud infrastructure. However, for organizations that require tighter control over execution, Blink also supports self-hosted runners, which can be deployed within your own environment. This option provides enhanced flexibility, privacy, and security—allowing workflows to interact with internal systems, private networks, or on-prem services while keeping sensitive data fully contained.
Action Execution Flow:
The runner establishes communication with Blink’s Controller to receive actions for execution. The controller will never be the one who initiates the communication
Runners may retrieve the secret credentials required to execute actions from either of the following sources:
Blink’s Cloud Secret Store – A secure, managed store provided by Blink.
Customer-Managed Secret Stores – Currently supported options include:
Runners may temporarily store intermediate execution data in object storage. This data is automatically removed after the execution completes.
Supported storage options include:
This refers to traffic originating from Blink’s cloud services—either the Controller or hosted Runners—toward your internal systems or third-party APIs.
Action Required: To ensure Blink services can successfully reach your endpoints, configure your firewall or security groups to allow inbound connections from the following Blink public IP addresses.
44.194.139.218
,
3.217.19.166
,
54.81.101.61
,
107.20.97.38
18.153.177.126
,
18.199.243.129
,
18.199.203.194
,
This refers to traffic originating from your self-hosted Runner and entering Blink’s platform (app.blinkops.com
, eu1.blinkops.com
, or us2.blinkops.com
).
Action Required: Ensure your network’s egress rules allow outbound connections to Blink’s public endpoints, including the relevant CloudFront IP ranges:
Click here for the full JSON list of all CloudFront IP ranges
Learn how to deploy a Blink Runner to execute workflows securely within your environment.
Learn more about Blink’s secret managers that can be established within a customer’s personalized environment, guaranteeing secure management of connections within their controlled setting.
Learn more about the Runner Settings and how you can use it to manage your Runners.
Deploy multiple on-prem Runners for high availability, parallel execution, or workload isolation.
A Runner is a lightweight execution agent that carries out the actions defined in your Blink workflows. Every runner belongs to a runner group, which determines its deployment location and operational scope.
By default, runners are hosted on Blink’s secure cloud infrastructure. However, for organizations that require tighter control over execution, Blink also supports self-hosted runners, which can be deployed within your own environment. This option provides enhanced flexibility, privacy, and security—allowing workflows to interact with internal systems, private networks, or on-prem services while keeping sensitive data fully contained.
Action Execution Flow:
The runner establishes communication with Blink’s Controller to receive actions for execution. The controller will never be the one who initiates the communication
Runners may retrieve the secret credentials required to execute actions from either of the following sources:
Blink’s Cloud Secret Store – A secure, managed store provided by Blink.
Customer-Managed Secret Stores – Currently supported options include:
Runners may temporarily store intermediate execution data in object storage. This data is automatically removed after the execution completes.
Supported storage options include:
This refers to traffic originating from Blink’s cloud services—either the Controller or hosted Runners—toward your internal systems or third-party APIs.
Action Required: To ensure Blink services can successfully reach your endpoints, configure your firewall or security groups to allow inbound connections from the following Blink public IP addresses.
44.194.139.218
,
3.217.19.166
,
54.81.101.61
,
107.20.97.38
18.153.177.126
,
18.199.243.129
,
18.199.203.194
,
This refers to traffic originating from your self-hosted Runner and entering Blink’s platform (app.blinkops.com
, eu1.blinkops.com
, or us2.blinkops.com
).
Action Required: Ensure your network’s egress rules allow outbound connections to Blink’s public endpoints, including the relevant CloudFront IP ranges:
Click here for the full JSON list of all CloudFront IP ranges
Learn how to deploy a Blink Runner to execute workflows securely within your environment.
Learn more about Blink’s secret managers that can be established within a customer’s personalized environment, guaranteeing secure management of connections within their controlled setting.
Learn more about the Runner Settings and how you can use it to manage your Runners.
Deploy multiple on-prem Runners for high availability, parallel execution, or workload isolation.