stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
8da4e12a90fd82f6b2ec870bb73e0499b4ff6343
git.stella-ops.org/docs/modules/signer/README.md
master 8da4e12a90 Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00

1.2 KiB
Raw Blame History

StellaOps Signer

Signer validates callers, enforces Proof-of-Entitlement, and produces signed DSSE bundles for SBOMs, reports, and exports.

Responsibilities

  • Enforce plan quotas and PoE before signing artifacts.
  • Support keyless and keyful signing backends.
  • Emit DSSE payloads consumed by Attestor and downstream bundles.
  • Maintain audit trails for all signing operations.

Key components

  • StellaOps.Signer service host.
  • Crypto providers under StellaOps.Cryptography.*.

Integrations & dependencies

  • Authority for OpTok validation.
  • Attestor for transparency logging.
  • Export Center and CLI for artifact signing flows.

Operational notes

  • Key management via Authority/DevOps runbooks.
  • Metrics for signing latency/throttle states.
  • Offline kit integration for signature verification.

Backlog references

  • SIG docs/tasks in ../../TASKS.md (e.g., DOCS-SIG-26-006).

Epic alignment

  • Epic 10 Export Center: provide signing pipelines, cosign interoperability, and provenance manifests for bundle promotion.
  • Epic 19 Attestor Console: supply DSSE payloads and Proof-of-Entitlement enforcement feeding attestation workflows described in docs/modules/attestor/.