Storage and Key Management
Governance Platform requires durable storage and managed keys for production deployments.
Storage Responsibilities
Section titled “Storage Responsibilities”| Area | Purpose |
|---|---|
| PostgreSQL | Platform records such as users, projects, policies, controls, declarations, evaluations, and activity. |
| Object storage | Evidence attachments, files, and workflow artifacts. |
| Registry storage | Runtime images and chart artifacts for connected or mirrored installs. |
Supported object storage options include Azure Blob Storage, Google Cloud Storage, and AWS S3. Local or mock storage modes are for development and test environments only.
Key Management
Section titled “Key Management”Key management supports signing, credential, and integrity workflows. Use Azure Key Vault, AWS KMS, or Google Cloud KMS for customer environments.
The mock key provider is not appropriate for production.
Operator Checklist
Section titled “Operator Checklist”- Confirm services can reach storage and key providers from the cluster.
- Confirm access policies are least-privilege.
- Back up platform data before upgrades.
- Rotate keys and credentials according to customer policy.
- Do not publish secrets or key material in release documentation.