
hyperpolymath/sdp-hkdf-deployment


SDP HKDF Deployment

Rootless / SDP deployment infrastructure for HKDF (HMAC-based Key Derivation Function) cryptographic services.

This repository provides the infrastructure for deploying HKDF cryptographic services using the Secure Deployment Protocol (SDP) with rootless container execution, air-gap readiness, and provenance tracking.

Components

configs/

Deployment configurations — environment, network, key-management, rotation policy.

containerfiles/

Container build recipes (Buildah / Podman-friendly). Rootless by construction.

docs/

Architecture references, threat model, deployment runbooks.

Quickstart

git clone git@github.com:hyperpolymath/sdp-hkdf-deployment.git
cd sdp-hkdf-deployment

just build         # build container images (rootless)
just deploy-dry    # render deployment manifests without applying
just deploy        # apply (requires configured target)

Architecture

See TOPOLOGY.md for the visual architecture map and completion dashboard. For a deeper threat-model write-up, consult docs/THREAT-MODEL.adoc if present.

Design principles

  1. Rootless first — no privileged containers; userspace UID/GID mapping throughout.

  2. Air-gap ready — every external dependency is pinned to a content hash; nothing fetched at deploy-time.

  3. Provenance-tracked — every artefact is signed; build manifests enumerate inputs.
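One way to check principle 2 for the recipes under containerfiles/, as an added example that is not this repository's own tooling: the Python below flags every FROM line whose base image is not referenced by a sha256 digest. The function name, the registry and image names, and the sample Containerfile are constructed for illustration.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
VAR = re.compile(r"\$\{?(\w+)\}?")

def unpinned_bases(containerfile_text):
    """Return (line_no, image) for each FROM whose base is not digest-pinned."""
    global_args, stages, findings, seen_from = {}, set(), [], False
    for no, raw in enumerate(containerfile_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        word, rest = parts[0].upper(), parts[1]
        if word == "ARG" and not seen_from and "=" in rest:
            # Only ARGs declared before the first FROM are visible to FROM lines.
            # A pinned default can still be replaced with --build-arg at build time.
            name, _, default = rest.partition("=")
            global_args[name.strip()] = default.strip().strip("\"'")
        elif word == "FROM":
            seen_from = True
            tokens = [t for t in rest.split() if not t.startswith("--")]
            if not tokens:
                continue
            # Substitute ARG defaults; unknown variables stay literal and get flagged.
            image = VAR.sub(lambda m: global_args.get(m.group(1), m.group(0)), tokens[0])
            # "scratch" and earlier build stages pull nothing from a registry.
            local = image == "scratch" or image.lower() in stages
            if not local and not DIGEST.search(image):
                findings.append((no, image))
            if len(tokens) >= 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2].lower())
    return findings

D = "0123456789abcdef" * 4  # constructed 64-hex-character digest, not a real image
SAMPLE = f"""\
ARG BASE=registry.example/alpine@sha256:{D}
FROM ${{BASE}} AS build
FROM registry.example/builder:1.4 AS tools
FROM --platform=linux/amd64 registry.example/minimal@sha256:{D} AS runtime
FROM build AS test
FROM scratch
FROM ${{UNSET}}
"""

if __name__ == "__main__":
    for line_no, image in unpinned_bases(SAMPLE):
        print(f"line {line_no}: base image not pinned by digest: {image}")
```

A tag such as `:1.4` is mutable on the registry side, so only the digest form ties the build to specific content; running a check like this before `just build` catches a tag-only reference before it reaches an air-gapped target.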

Status

  • Licence: MPL-2.0. (Migrated from PMPL-1.0-or-later 2026-05-26 per the estate licence-debt audit, hyperpolymath/standards#196.)

  • Maturity: deployment-ready for the in-house HKDF service. Not yet published as a reusable component for external consumers.

  • Audit findings: see docs/tech-debt-2026-05-26.md if present (added by the 2026-05-26 estate tech-debt scan).

Contributing

See CONTRIBUTING.md. GPG-signed commits required.

Companion repositories
