git.stella-ops.org/etc/rootpack/ru/crypto.profile.yaml

StellaOps:
  Crypto:
    Registry:
      ActiveProfile: ru-offline
      PreferredProviders:
        - default
      Profiles:
        ru-offline:
          PreferredProviders:
            - ru.cryptopro.csp
            - ru.pkcs11
    CryptoPro:
      Keys:
        - KeyId: ru-csp-default
          Algorithm: GOST12-256
          ProviderName: "Crypto-Pro GOST R 34.10-2012 Cryptographic Service Provider"
          CertificateThumbprint: "<thumbprint>"
          CertificateStoreLocation: LocalMachine
          CertificateStoreName: My
          ContainerName: CN=RootPack Signing
    Pkcs11:
      Keys:
        - KeyId: ru-token-default
          Algorithm: GOST12-256
          LibraryPath: /usr/local/lib/librutokenecp.so
          SlotId: "0x1"
          Pin: "${PKCS11_PIN}"
          PrivateKeyLabel: rootpack-signing
          CertificateThumbprint: "<thumbprint>"
    Diagnostics:
      Providers:
        Enabled: true
        Metrics:
          LogLevel: Information