stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
43e2af88f621a3a015293b86e03e302ba92ab752
git.stella-ops.org/docs/modules/registry/README.md
StellaOps Bot 9a08d10b89 docs consolidation
2025-12-24 12:38:14 +02:00

1.2 KiB
Raw Blame History

StellaOps Registry Token Service

Registry Token Service issues short-lived Docker registry bearer tokens for private or mirrored registries. It exchanges an Authority-issued access token for a registry-compatible JWT after enforcing plan/licence constraints.

Responsibilities

  • Validate Authority-issued caller identity and required scopes (default registry.token.issue).
  • Authorize requested repository scopes against a local plan catalogue (stellaops:plan claim + configured rules).
  • Block issuance for revoked licences (stellaops:license claim + configured deny list).
  • Mint registry tokens with a bounded lifetime (default 5 minutes) signed by a local RSA key.

Key endpoints

  • GET /token - Docker registry token exchange endpoint.
  • GET /healthz - liveness probe.

Code locations

  • Service: src/Registry/StellaOps.Registry.TokenService
  • Tests: src/Registry/__Tests/StellaOps.Registry.TokenService.Tests

Configuration

  • File: etc/registry-token.yaml
  • Environment variables: REGISTRY_TOKEN_*

Related docs

  • Architecture: docs/modules/registry/architecture.md
  • Operations: docs/modules/registry/operations/token-service.md