Skip to content

Storage and Key Management

Governance Platform uses customer-provided storage and key-management services for production deployments.

ServiceStorage use
Governance ServiceEvidence attachments and storage keys or access URLs.
Integrity ServiceIntegrity records, blobs, manifests, and lineage artifacts.
PostgreSQLRelational state for platform services.

Auth Service uses the configured key-management provider for DID signing keys. Production deployments should use Azure Key Vault, AWS KMS, or GCP KMS rather than mock or local-development key management.

  • Create required buckets or containers before install.
  • Grant least-privilege access to service credentials.
  • Store provider credentials as Kubernetes secrets or through an approved secret manager.
  • Confirm backup, retention, and deletion policies.
  • Validate upload, retrieval, and DID-key creation after install.