Trust and security

A signed release passport without owner code in your runtime.

Release Passport is self-hosted release-readiness software. The customer runtime evaluates release evidence and stores the passport; Arconath's commercial checkout, owner license issuance, and package entitlement administration stay outside that runtime.

Artifact verification

Customer packages are distributed through the official channel with checksums and signed release identity so teams can verify what was installed.

SBOM and provenance

Release records tie source SHA, image digest, chart version, checksum result, SBOM/SARIF evidence, and rendered manifest context to the passport.

Runtime boundary

Customer runtime includes console, settings, API, worker, CLI gate path, scoped connectors, and runtime checks only.

RBAC and scoped reads

Connectors should read only configured namespaces, projects, apps, queries, services, and release scopes.

Audit log

Gate decisions, policy reasons, evidence freshness, actor context, comments, and exports remain inspectable for release review.

Data retention

Passports, evidence, and reports follow customer-owned retention policy instead of broad indefinite collection.

Runtime boundary.

The customer package is built for release evidence, policy, and decision review. It is not a merchant, owner admin, or package entitlement service.

Installed in customer runtime

Console, settings, API, worker, CLI gate, scoped connectors, runtime checks, reports, RBAC, audit log, and retention controls.

Not installed in customer runtime

Owner checkout, payment provider integration, billing mutation, license issuance, package entitlement administration, and Arconath commercial secrets.

Customer-owned dependencies

Domain, OIDC or proxy auth, namespace, registry credentials, Postgres, Redis/Valkey, S3-compatible storage, and secret manager.

Arconath-owned lane

Public website, pricing, docs, commercial checkout, owner entitlement flow, official package distribution, and dogfood release evidence.

Install trust checklist.

Can the team verify checksums before installing?

Can the team identify the source SHA, image digest, and chart version for the runtime?

Are connector permissions scoped to the intended services and environments?

Does the runtime Secret keep RELEASEPASSPORT_INSTALL_ID stable without exposing values in public logs?

Do report exports avoid tokens, kubeconfigs, private keys, payment keys, registry credentials, and raw secret values?

Is owner billing/license/package administration absent from the customer package?

No secrets in public support

Evidence is useful without secret values.

Support and sales requests should include workspace ID, service name, environment, release ID, passport ID, CLI version, connector type, and sanitized request IDs. Do not include tokens, kubeconfigs, private keys, OIDC secrets, payment provider keys, registry credentials, or raw private evidence.

Security docs Verified install