stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

up

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-11 08:20:04 +02:00
parent 49922dff5a
commit b8b493913a
82 changed files with 14053 additions and 1705 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
config/crypto-profiles.sample.json Normal file
View File

@@ -0,0 +1,34 @@
{
"StellaOps": {
"Crypto": {
"Registry": {
"ActiveProfile": "world",
"PreferredProviders": [ "default" ],
"Profiles": {
"ru-free": { "PreferredProviders": [ "ru.openssl.gost", "ru.pkcs11", "sim.crypto.remote" ] },
"ru-paid": { "PreferredProviders": [ "ru.cryptopro.csp", "ru.openssl.gost", "ru.pkcs11", "sim.crypto.remote" ] },
"sm": { "PreferredProviders": [ "cn.sm.soft", "sim.crypto.remote" ] },
"eidas": { "PreferredProviders": [ "eu.eidas.soft", "sim.crypto.remote" ] },
"fips": { "PreferredProviders": [ "fips.ecdsa.soft", "sim.crypto.remote" ] },
"kcmvp": { "PreferredProviders": [ "kr.kcmvp.hash", "sim.crypto.remote" ] },
"pq": { "PreferredProviders": [ "pq.soft", "sim.crypto.remote" ] }
}
},
"Sim": {
"BaseAddress": "http://localhost:8080"
},
"CryptoPro": {
"Keys": [],
"LicenseNote": "Customer-provided CryptoPro CSP .deb packages; set CRYPTOPRO_ACCEPT_EULA=1; Linux only."
},
"Pkcs11": {
"LibraryPath": "/usr/lib/pkcs11/lib.so",
"Keys": []
}
},
"Compliance": {
"ProfileId": "world",
"StrictValidation": true
}
}
}

8
config/env/.env.eidas.example vendored Normal file
View File

@@ -0,0 +1,8 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=eidas
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=eidas
EIDAS_SOFT_ALLOWED=1
# QSCD PKCS#11 path + PIN when hardware is available:
# STELLAOPS__CRYPTO__PKCS11__LIBRARYPATH=/usr/lib/qscd/libpkcs11.so
# EIDAS_QSCD_PIN=changeme
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080

6
config/env/.env.fips.example vendored Normal file
View File

@@ -0,0 +1,6 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=fips
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=fips
FIPS_SOFT_ALLOWED=1
# Optional: AWS_USE_FIPS_ENDPOINTS=true
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080

5
config/env/.env.kcmvp.example vendored Normal file
View File

@@ -0,0 +1,5 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=kcmvp
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=kcmvp
KCMVP_HASH_ALLOWED=1
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080

6
config/env/.env.ru-free.example vendored Normal file
View File

@@ -0,0 +1,6 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=gost
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=ru-free
STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=1
STELLAOPS_RU_OPENSSL_REMOTE_URL=
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080

7
config/env/.env.ru-paid.example vendored Normal file
View File

@@ -0,0 +1,7 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=gost
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=ru-paid
STELLAOPS_CRYPTO_ENABLE_RU_CSP=1
CRYPTOPRO_ACCEPT_EULA=1
# Bind customer-provided debs to /opt/cryptopro/downloads inside the service container.
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080

6
config/env/.env.sm.example vendored Normal file
View File

@@ -0,0 +1,6 @@
STELLAOPS_CRYPTO_COMPLIANCE_PROFILE=sm
STELLAOPS__CRYPTO__REGISTRY__ACTIVEPROFILE=sm
SM_SOFT_ALLOWED=1
STELLAOPS_CRYPTO_ENABLE_SM_PKCS11=0
STELLAOPS_CRYPTO_ENABLE_SIM=1
STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080