stella-ops.org/git.stella-ops.org

Files

History

master 8da4e12a90 Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

..

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

AGENTS.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

architecture.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

implementation_plan.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

README.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

TASKS.md

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

README.md

StellaOps Registry Token Service

The registry module issues scoped pull tokens for mirrored container registries while enforcing plan and licence constraints.

Responsibilities

Validate Authority-issued OpToks and tenant scopes before issuance.
Mint time-bound registry tokens and record issuance ledgers.
Expose revocation and audit endpoints for security teams.
Integrate with Offline Kit for deterministic token manifests.

Key components

StellaOps.Registry.TokenService minimal API host.
Mongo-backed issuance ledger.
Tests under src/Registry/__Tests.

Integrations & dependencies

Authority for identity & scope verification.
Export Center/Offline Kit for distribution.
DevOps runbooks for deployment and rotation.

Operational notes

Operational guide at ./operations/token-service.md.
Telemetry dashboards pending (see ../../TASKS.md).

./operations/token-service.md

Backlog references

DEVOPS-REGISTRY items in ../../TASKS.md (future work).
Registry automation stories tracked in src/Registry/TASKS.md if present.

Epic alignment

Epic 10 – Export Center: provide signed, auditable registry token bundles for mirror distribution.
Epic 14 – Identity & Tenancy: enforce tenant-aware scopes, PoE alignment, and revocation policies.