diff --git a/README.md b/README.md
index bcbf651..6f53794 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,14 @@ Production installer for the Triton Manage Server. Container-based (Docker or Po
 
 ## Install
 
-Your vendor provides a licence bundle — a folder containing two files:
+Your vendor provides a licence bundle — a single file:
 
 ```
-triton-bundle/
-├── license.lic   # signed offline licence token
-└── pubkey        # vendor's Ed25519 public key
+license.lic   # signed offline licence token
 ```
 
+The vendor's public key is baked into the image at build time — nothing else to configure.
+
 Point the installer at the bundle:
 
 ```bash
diff --git a/manage-server/env.template b/manage-server/env.template
index 4b35b04..c99cffa 100644
--- a/manage-server/env.template
+++ b/manage-server/env.template
@@ -59,8 +59,8 @@ TRITON_MANAGE_SESSION_TTL=24h
 # install.sh automatically — do not edit manually.
 TRITON_LICENSE_KEY=
 
-# Vendor's Ed25519 public key (64 hex chars). Set by install.sh from the
-# pubkey file in your vendor bundle — do not edit manually.
+# Vendor's Ed25519 public key (64 hex chars). Baked into the image at
+# build time — leave empty unless you need to override the compiled-in key.
 TRITON_MANAGE_LICENSE_SERVER_PUBKEY=
 
 # Vendor's License Server URL. Optional — enables ongoing heartbeats and
diff --git a/manage-server/install.sh b/manage-server/install.sh
index 77660a0..4b9dcee 100755
--- a/manage-server/install.sh
+++ b/manage-server/install.sh
@@ -7,10 +7,9 @@
 # Usage:
 #   sudo bash install.sh --license-file /path/to/bundle/license.lic
 #
-# The license bundle (provided by your vendor) contains two files:
+# The license bundle (provided by your vendor) is a single file:
 #   license.lic   — signed offline licence token
-#   pubkey        — vendor's Ed25519 public key (64 hex chars)
-# Both files must be in the same directory.
+# The vendor's public key is baked into the image at build time.
 #
 # Flags:
 #   --license-file PATH             Path to license.lic from your vendor bundle. Required.
@@ -56,13 +55,7 @@ done
 [[ -n "$LICENSE_FILE" ]] || die "--license-file is required (path to license.lic from your vendor bundle)"
 [[ -f "$LICENSE_FILE" ]] || die "license file not found: $LICENSE_FILE"
 
-BUNDLE_DIR="$(cd -- "$(dirname -- "$LICENSE_FILE")" && pwd)"
-PUBKEY_FILE="$BUNDLE_DIR/pubkey"
-[[ -f "$PUBKEY_FILE" ]] || die "pubkey file not found: $PUBKEY_FILE (must be in the same directory as license.lic)"
-
 LICENSE_TOKEN="$(cat "$LICENSE_FILE")"
-LICENSE_PUBKEY="$(cat "$PUBKEY_FILE" | tr -d '[:space:]')"
-[[ ${#LICENSE_PUBKEY} -eq 64 ]] || die "pubkey file must contain a 64 hex-char Ed25519 public key"
 
 # ── runtime detection ────────────────────────────────────────────────────
 if command -v podman-compose >/dev/null 2>&1; then
@@ -99,10 +92,7 @@ if [[ ! -f "$ENV_FILE" ]]; then
         "$ENV_FILE"
     info "secrets generated"
 
-    sed -i \
-        -e "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" \
-        -e "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" \
-        "$ENV_FILE"
+    sed -i "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" "$ENV_FILE"
     info "licence configured"
 
     [[ -n "$LICENSE_SERVER_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LICENSE_SERVER_URL|" "$ENV_FILE"