stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f10d83c444b7d8d9c2bd19758c25f88728c4d0b8
git.stella-ops.org/etc/README.md

2.9 KiB
Raw Blame History

StellaOps Configuration (etc/)

This directory contains all configuration for StellaOps services. It is the single source of truth for deployment configuration.

Directory Structure

etc/
├── authority/            # Authentication & authorization service
├── certificates/         # Trust anchors and signing keys
├── concelier/            # Advisory ingestion service
├── crypto/               # Regional cryptographic profiles
├── env/                  # Environment-specific profiles (dev/stage/prod/airgap)
├── llm-providers/        # AI/LLM provider configurations
├── notify/               # Notification service & templates
├── plugins/              # Plugin manifests (configuration, not binaries)
├── policy/               # Policy engine configuration & packs
├── router/               # Transport router configuration
├── scanner/              # Container scanning service
├── scheduler/            # Job scheduling service
├── scm-connectors/       # Source control integrations
├── secrets/              # Development secrets only (NEVER for production)
├── signals/              # Runtime signals configuration
└── vex/                  # VEX processing services

File Naming Convention

Pattern Purpose Git Status
*.yaml.sample Documented template with all options Committed
*.yaml Active configuration Git-ignored
*.env.sample Environment variable template Committed
env.* Active environment file Git-ignored

Quick Start

# 1. Copy sample to active config
cp etc/scanner/scanner.yaml.sample etc/scanner/scanner.yaml

# 2. Edit for your environment
vi etc/scanner/scanner.yaml

# 3. Copy environment profile
cp etc/env/dev.env.sample etc/env/dev.env

Regional Crypto Profiles

For compliance with regional cryptographic standards:

Profile Standard Use Case
us-fips FIPS 140-3 US Federal, DoD
eu eIDAS EU qualified signatures
ru GOST R 34.10/11/12 Russian Federation
cn GM/T (SM2/SM3/SM4) China
kr KCMVP South Korea

Activate via:

export STELLAOPS_CRYPTO_PROFILE=us-fips

What Lives Elsewhere

Directory Purpose
plugins/ Compiled plugin binaries (runtime artifacts)
opt/ Optional vendor packages (CryptoPro, etc.)
offline/ Air-gap operational state (feeds, packages)

Security

  • NEVER commit active configs (.yaml files are git-ignored)
  • Secrets via environment variables or external secret managers
  • etc/secrets/ contains ONLY development/sample keys - never for production
  • Production signing keys must come from HSM, Vault, or KMS

Documentation

Full guide: docs/operations/configuration-guide.md