OpenSSH Certificate Authority backed by Cosmian KMS — technical reference, Docker PoC (UC1–UC9) and KMS-backed KRL distribution design. The CA private key never touches disk (PKCS#11).
-
Updated
Jun 29, 2026 - Shell
OpenSSH Certificate Authority backed by Cosmian KMS — technical reference, Docker PoC (UC1–UC9) and KMS-backed KRL distribution design. The CA private key never touches disk (PKCS#11).
Stage356: Runtime Verification and Fail-Closed Execution Gate with Stage355 integrity binding, runtime decision enforcement, CI context detection, and PQC intent-only protection.
Stage355: Signature Key Status Verification and Revocation Enforcement Layer with signing-time validity checks, Stage354 ledger binding, fail-closed revoked-key rejection, and PQC intent-only protection.
Add a description, image, and links to the key-revocation topic page so that developers can more easily learn about it.
To associate your repository with the key-revocation topic, visit your repo's landing page and select "manage topics."