Initial project snapshot
@@ -0,0 +1,32 @@
|
||||
# Installation Authority Tooling
|
||||
|
||||
The Product Root private key must stay outside the repository and outside the
|
||||
cluster database. The backend stores only the public key and signed activation
|
||||
records.
|
||||
|
||||
Generate a Product Root key pair:
|
||||
|
||||
```powershell
|
||||
go run scripts/installation/product-root-tool.go generate-key
|
||||
```
|
||||
|
||||
Configure production backend nodes with the generated `public_key_b64`:
|
||||
|
||||
```powershell
|
||||
$env:INSTALLATION_AUTHORITY_MODE = "strict"
|
||||
$env:INSTALLATION_PRODUCT_ROOT_PUBLIC_KEY_B64 = "<public_key_b64>"
|
||||
```
|
||||
|
||||
Create a signed first-owner activation manifest:
|
||||
|
||||
```powershell
|
||||
go run scripts/installation/product-root-tool.go activate `
|
||||
-private-key-file C:\secure\rap-product-root.json `
|
||||
-install-id install-prod-001 `
|
||||
-owner-email owner@example.com `
|
||||
-expires-at 2026-05-01T00:00:00Z `
|
||||
-environment production
|
||||
```
|
||||
|
||||
Use the output `activation_payload` and `activation_signature` in the admin
|
||||
panel first-owner screen or in `POST /api/v1/installation/bootstrap-owner`.
|
||||
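Review bot: The `generate-key` step does not say where the private key is written, yet the later `activate` example reads it from `C:\secure\rap-product-root.json`, so the README never shows how the key gets from one step to the other without touching the working tree. Since the opening paragraph requires the Product Root private key to stay outside the repository, and the command is run from the repository root, please document the tool's output destination and the step that places the key file under `C:\secure\`, along with the file permissions you expect on it. Two smaller points in the same file: `INSTALLATION_AUTHORITY_MODE = "strict"` is shown without saying what other modes exist or what the backend does when the variable is unset, and the `$env:` assignments only apply to the current PowerShell session, so the section on production backend nodes should say how the setting is meant to persist across restarts.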