Storage and Key Management
Governance Platform uses customer-provided storage and key-management services for production deployments.
Storage Responsibilities
Section titled “Storage Responsibilities”| Service | Storage use |
|---|---|
| Governance Service | Evidence attachments and storage keys or access URLs. |
| Integrity Service | Integrity records, blobs, manifests, and lineage artifacts. |
| PostgreSQL | Relational state for platform services. |
Key Management Responsibilities
Section titled “Key Management Responsibilities”Auth Service uses the configured key-management provider for DID signing keys. Production deployments should use Azure Key Vault, AWS KMS, or GCP KMS rather than mock or local-development key management.
Operator Checklist
Section titled “Operator Checklist”- Create required buckets or containers before install.
- Grant least-privilege access to service credentials.
- Store provider credentials as Kubernetes secrets or through an approved secret manager.
- Confirm backup, retention, and deletion policies.
- Validate upload, retrieval, and DID-key creation after install.