stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
9c5852ad0feda6f742050469cac806e47a2e70ea
git.stella-ops.org/etc/README.md

84 lines
2.9 KiB
Markdown
Raw Blame History

# StellaOps Configuration (`etc/`)
This directory contains all configuration for StellaOps services. It is the **single source of truth** for deployment configuration.
## Directory Structure
```
etc/
├── authority/ # Authentication & authorization service
├── certificates/ # Trust anchors and signing keys
├── concelier/ # Advisory ingestion service
├── crypto/ # Regional cryptographic profiles
├── env/ # Environment-specific profiles (dev/stage/prod/airgap)
├── llm-providers/ # AI/LLM provider configurations
├── notify/ # Notification service & templates
├── plugins/ # Plugin manifests (configuration, not binaries)
├── policy/ # Policy engine configuration & packs
├── router/ # Transport router configuration
├── scanner/ # Container scanning service
├── scheduler/ # Job scheduling service
├── scm-connectors/ # Source control integrations
├── secrets/ # Development secrets only (NEVER for production)
├── signals/ # Runtime signals configuration
└── vex/ # VEX processing services
```
## File Naming Convention
| Pattern | Purpose | Git Status |
|---------|---------|------------|
| `*.yaml.sample` | Documented template with all options | Committed |
| `*.yaml` | Active configuration | Git-ignored |
| `*.env.sample` | Environment variable template | Committed |
| `env.*` | Active environment file | Git-ignored |
## Quick Start
```bash
# 1. Copy sample to active config
cp etc/scanner/scanner.yaml.sample etc/scanner/scanner.yaml
# 2. Edit for your environment
vi etc/scanner/scanner.yaml
# 3. Copy environment profile
cp etc/env/dev.env.sample etc/env/dev.env
```
## Regional Crypto Profiles
For compliance with regional cryptographic standards:
| Profile | Standard | Use Case |
|---------|----------|----------|
| `us-fips` | FIPS 140-3 | US Federal, DoD |
| `eu` | eIDAS | EU qualified signatures |
| `ru` | GOST R 34.10/11/12 | Russian Federation |
| `cn` | GM/T (SM2/SM3/SM4) | China |
| `kr` | KCMVP | South Korea |
Activate via:
```bash
export STELLAOPS_CRYPTO_PROFILE=us-fips
```
## What Lives Elsewhere
| Directory | Purpose |
|-----------|---------|
| `plugins/` | Compiled plugin binaries (runtime artifacts) |
| `opt/` | Optional vendor packages (CryptoPro, etc.) |
| `offline/` | Air-gap operational state (feeds, packages) |
## Security
- **NEVER commit active configs** (`.yaml` files are git-ignored)
- **Secrets via environment variables** or external secret managers
- **`etc/secrets/`** contains ONLY development/sample keys - never for production
- **Production signing keys** must come from HSM, Vault, or KMS
## Documentation
Full guide: [docs/operations/configuration-guide.md](../docs/operations/configuration-guide.md)
Reference in New Issue View Git Blame Copy Permalink