Security
========

The Shyft security model is based on a layered trust chain that connects
developer identity, hardware-backed key management, signed source history,
controlled release procedures, and user-side verification.

Trust Model Overview
--------------------

The following diagram summarizes the high-level trust model used by Shyft.

.. mermaid::
   :align: center
   :caption: Shyft trust model
   :config: {"themeVariables": {"fontSize": "15px"}, "flowchart": {"nodeSpacing": 24, "rankSpacing": 34}}

   flowchart TD
       A["Developer / maintainer identity"]
       B["Nitrokey / hardware-backed key storage"]
       C["OpenPGP signing key"]
       D["Signed commits and tags"]
       E["Controlled build and release process"]
       F["Signed artifacts + PROVENANCE.txt"]
       G["User / operator verification"]
       H["Trusted installation and deployment"]

       A --> B
       B --> C
       C --> D
       D --> E
       C --> E
       E --> F
       F --> G
       G --> H

This trust model is supported by the following elements:

* hardware-backed storage of signing keys
* signed source control history
* controlled and reproducible build procedures
* signed release artifacts and provenance
* independent verification before installation

Structure of This Section
-------------------------

The security section is organized as follows:

* :doc:`principles`
  Security principles and trust-boundary design
* :doc:`identity/index`
  Identity, GPG, SSH, and Nitrokey-related procedures
* :doc:`access-control`
  Access control and operational restrictions
* :doc:`incident-response`
  Response procedures for key loss, compromise, or recovery situations

Relationship to Releases
------------------------

The security model described here provides the identity and trust foundation
for the Shyft release process.

See also:

* :doc:`../releases/overview`
* :doc:`../releases/release-process`
* :doc:`../releases/signing-keys`
* :doc:`../releases/package-verification`