stella-ops.org/git.stella-ops.org

Files

History

StellaOps Bot 9a08d10b89 docs consolidation

2025-12-24 12:38:14 +02:00

..

Align AOC tasks for Excititor and Concelier

2025-10-31 18:50:15 +02:00

AGENTS.md

Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.

2025-11-05 11:58:32 +02:00

architecture.md

docs consolidation

2025-12-24 12:38:14 +02:00

implementation_plan.md

Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.

2025-11-05 11:58:32 +02:00

README.md

docs consolidation

2025-12-24 12:38:14 +02:00

README.md

StellaOps Registry Token Service

Registry Token Service issues short-lived Docker registry bearer tokens for private or mirrored registries. It exchanges an Authority-issued access token for a registry-compatible JWT after enforcing plan/licence constraints.

Responsibilities

Validate Authority-issued caller identity and required scopes (default registry.token.issue).
Authorize requested repository scopes against a local plan catalogue (stellaops:plan claim + configured rules).
Block issuance for revoked licences (stellaops:license claim + configured deny list).
Mint registry tokens with a bounded lifetime (default 5 minutes) signed by a local RSA key.

Key endpoints

GET /token - Docker registry token exchange endpoint.
GET /healthz - liveness probe.

Code locations

Service: src/Registry/StellaOps.Registry.TokenService
Tests: src/Registry/__Tests/StellaOps.Registry.TokenService.Tests

Configuration

File: etc/registry-token.yaml
Environment variables: REGISTRY_TOKEN_*

Architecture: docs/modules/registry/architecture.md
Operations: docs/modules/registry/operations/token-service.md