stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
d509c44411709db41f2fd497ac7f5ec8b8e96c63
git.stella-ops.org/docs/modules/airgap/guides/overview.md
master 4789027317 docs consolidation and others
2026-01-06 19:07:48 +02:00

2.2 KiB
Raw Blame History

Airgap Overview

This page orients teams before diving into per-component runbooks. It summarises modes, lifecycle, and governance responsibilities for sealed deployments.

Modes

  • Sealed: deny-all egress; only preloaded bundles (mirror + bootstrap) allowed. Requires exported time anchors and offline trust roots.
  • Constrained: limited egress to allowlisted registries and NTP; mirror bundles still preferred.
  • Connected: full egress for staging; must remain policy-compatible with sealed mode.

Lifecycle

  1. Prepare bundles: export mirror + bootstrap packs (images/charts, SBOMs, DSSE metadata) signed and hashed.
  2. Stage & verify: load bundles into the offline store, verify hashes/DSSE, record mirrorGeneration.
  3. Activate: flip sealed toggle; enforce deny-all egress and policy banners; register bundles with Excititor/Export Center.
  4. Operate: run periodic staleness checks, apply time anchors, and audit imports via timeline events.
  5. Refresh/rollback: import next mirrorGeneration or roll back using previous manifest + hashes.

Responsibilities

  • AirGap Controller Guild: owns network posture (deny-all, allowlists), sealed-mode policy banners, and change control.
  • Export Center / Evidence Locker Guilds: produce and verify bundle manifests, DSSE envelopes, and Merkle roots.
  • Module owners (Excititor, Concelier, etc.): honor sealed-mode toggles, emit staleness headers, and refuse unsigned/unknown bundles.
  • Ops/Signals Guild: maintain time anchors and observability sinks compatible with sealed deployments.

Rule banner (sealed mode)

Display a top-of-console banner when sealed=true:

  • "Sealed mode: no external egress. Only registered bundles permitted. Imports logged; violations trigger audit."
  • Include current mirrorGeneration, bundle manifest hash, and time-anchor status.

Related docs

  • docs/modules/airgap/guides/airgap-mode.md — deeper policy shapes per mode.
  • docs/modules/airgap/guides/bundle-repositories.md — mirror/bootstrap bundle structure.
  • docs/modules/airgap/guides/staleness-and-time.md — time anchors and staleness checks.
  • docs/modules/airgap/guides/controller.md / docs/modules/airgap/guides/importer.md — controller + importer references.