Security

The Shyft security model is based on a layered trust chain that connects developer identity, hardware-backed key management, signed source history, controlled release procedures, and user-side verification.

Trust Model Overview

The following diagram summarizes the high-level trust model used by Shyft.

---
config:
  flowchart:
    nodeSpacing: 24
    rankSpacing: 34
  themeVariables:
    fontSize: 15px
---
flowchart TD
    A["Developer / maintainer identity"]
    B["Nitrokey / hardware-backed key storage"]
    C["OpenPGP signing key"]
    D["Signed commits and tags"]
    E["Controlled build and release process"]
    F["Signed artifacts + PROVENANCE.txt"]
    G["User / operator verification"]
    H["Trusted installation and deployment"]

    A --> B
    B --> C
    C --> D
    D --> E
    C --> E
    E --> F
    F --> G
    G --> H

Shyft trust model

This trust model is supported by the following elements:

  • hardware-backed storage of signing keys

  • signed source control history

  • controlled and reproducible build procedures

  • signed release artifacts and provenance

  • independent verification before installation

Structure of This Section

The security section is organized as follows:

Relationship to Releases

The security model described here provides the identity and trust foundation for the Shyft release process.

See also: