diff --git a/lib/routes/api/speech-credentials.js b/lib/routes/api/speech-credentials.js
index 43ac9d02..86379284 100644
--- a/lib/routes/api/speech-credentials.js
+++ b/lib/routes/api/speech-credentials.js
@@ -116,6 +116,8 @@ const encryptCredential = (obj) => {
     secret,
     nuance_tts_uri,
     nuance_stt_uri,
+    deepgram_stt_uri,
+    deepgram_stt_use_tls,
     use_custom_tts,
     custom_tts_endpoint,
     custom_tts_endpoint_url,
@@ -186,8 +188,11 @@ const encryptCredential = (obj) => {
       return encrypt(nuanceData);
 
     case 'deepgram':
-      assert(api_key, 'invalid deepgram speech credential: api_key is required');
-      const deepgramData = JSON.stringify({api_key});
+      // API key is optional if onprem
+      if (!deepgram_stt_uri) {
+        assert(api_key, 'invalid deepgram speech credential: api_key is required');
+      }
+      const deepgramData = JSON.stringify({api_key, deepgram_stt_uri, deepgram_stt_use_tls});
       return encrypt(deepgramData);
 
     case 'ibm':
@@ -415,7 +420,9 @@ router.put('/:sid', async(req, res) => {
           cobalt_server_uri,
           model_id,
           options,
-          use_streaming
+          use_streaming,
+          deepgram_stt_uri,
+          deepgram_stt_use_tls,
         } = req.body;
 
         const newCred = {
@@ -439,7 +446,9 @@ router.put('/:sid', async(req, res) => {
           cobalt_server_uri,
           model_id,
           options,
-          use_streaming
+          use_streaming,
+          deepgram_stt_uri,
+          deepgram_stt_use_tls,
         };
         logger.info({o, newCred}, 'updating speech credential with this new credential');
         obj.credential = encryptCredential(newCred);
@@ -650,7 +659,7 @@ router.get('/:sid/test', async(req, res) => {
           SpeechCredential.ttsTestResult(sid, false);
         }
       }
-      if (cred.use_for_stt) {
+      if (cred.use_for_stt && api_key) {
         try {
           await testDeepgramStt(logger, {api_key});
           results.stt.status = 'ok';
diff --git a/lib/utils/speech-utils.js b/lib/utils/speech-utils.js
index 026c869c..eb5e785f 100644
--- a/lib/utils/speech-utils.js
+++ b/lib/utils/speech-utils.js
@@ -406,6 +406,8 @@ function decryptCredential(obj, credential, logger, isObscureKey = true) {
   else if ('deepgram' === obj.vendor) {
     const o = JSON.parse(decrypt(credential));
     obj.api_key = isObscureKey ? obscureKey(o.api_key) : o.api_key;
+    obj.deepgram_stt_uri = o.deepgram_stt_uri;
+    obj.deepgram_stt_use_tls = o.deepgram_stt_use_tls;
   }
   else if ('ibm' === obj.vendor) {
     const o = JSON.parse(decrypt(credential));
diff --git a/test/speech-credentials.js b/test/speech-credentials.js
index bfd5e7b2..aa5ff63e 100644
--- a/test/speech-credentials.js
+++ b/test/speech-credentials.js
@@ -292,6 +292,60 @@ test('speech credentials tests', async(t) => {
       });
       t.ok(result.statusCode === 204, 'successfully deleted speech credential');
     }
+    // test create deepgram onprem
+    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,
+      body: {
+        vendor: 'deepgram',
+        use_for_stt: true,
+        deepgram_stt_uri: "127.0.0.1:50002",
+        deepgram_stt_use_tls: true
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added speech credential for deepgram');
+    const dg_sid = result.body.sid;
+
+    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${dg_sid}`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,   
+    });
+    //console.log(JSON.stringify(result));
+    t.ok(result.statusCode === 200, 'successfully get speech credential for deepgram');
+    t.ok(result.body.deepgram_stt_uri === '127.0.0.1:50002', "deepgram_stt_uri is correct for deepgram");
+    t.ok(result.body.deepgram_stt_use_tls === true, "deepgram_stt_use_tls is correct for deepgram");
+
+    result = await request.put(`/Accounts/${account_sid}/SpeechCredentials/${dg_sid}`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,
+      body: {
+        vendor: 'deepgram',
+        use_for_stt: true,
+        deepgram_stt_uri: "127.0.0.2:50002",
+        deepgram_stt_use_tls: false
+      }
+    });
+    t.ok(result.statusCode === 204, 'successfully updated speech credential for deepgram onprem');
+
+    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${dg_sid}`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,   
+    });
+    //console.log(JSON.stringify(result));
+    t.ok(result.statusCode === 200, 'successfully get speech credential for deepgram onprem');
+    t.ok(result.body.deepgram_stt_uri === '127.0.0.2:50002', "deepgram_stt_uri is correct for deepgram onprem");
+    t.ok(result.body.deepgram_stt_use_tls === false, "deepgram_stt_use_tls is correct for deepgram onprem");
+
+    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${dg_sid}`, {
+      auth: authUser,
+      resolveWithFullResponse: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted speech credential for deepgram onprem');
+
     /* add a credential for ibm tts */
     if (process.env.IBM_TTS_API_KEY && process.env.IBM_TTS_REGION) {
       result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {