# Signer

## Purpose
Produce DSSE envelopes and enforce Proof of Entitlement (PoE).

## Inputs
- Signing requests from trusted services
- OpTok and PoE

## Outputs
- DSSE bundles for SBOMs, reports, and exports

## Data and storage
- Audit logs only

## Key dependencies
- Authority
- OCI registry referrers
- KMS or Fulcio

## Notes and boundaries
- Does not write to Rekor

## Related docs
- docs/modules/signer/architecture.md