Skip to content

IronRoot

Configuration Reference

IronRoot

Getting Started
Getting Started
Architecture
Architecture
- System Model
  System Model
- PKI Model
  PKI Model
- Platform Components
  Platform Components
- Reference
  Reference
Installation
Installation
- Install Methods
  Install Methods
- Configure
  Configure
  - Configuration
  - Local Development
- Runtime TLS
  Runtime TLS
  - Podman TLS Usage
- Lifecycle
  Lifecycle
  - Upgrades
  - Uninstall
Security
Security
- Bootstrap And Checks
  Bootstrap And Checks
  - Bootstrap Guide
  - Security Check
- Trust And CA Handling
  Trust And CA Handling
- Hardening
  Hardening
- Resilience
  Resilience
Observability
Observability
- Signals
  Signals
  - Traces
  - Metrics
  - Logs
- OpenTelemetry Stack
  OpenTelemetry Stack
  - OpenTelemetry
  - Collector
  - Prometheus
  - Tempo
  - Loki
  - Grafana
- Operations
  Operations
- Deployment Integrations
  Deployment Integrations
  - Kubernetes
  - Podman
  - Binary
Kubernetes
Kubernetes
- Deploy
  Deploy
  - Helm Installation
  - Values Reference
- Operate
  Operate
Airgap
Airgap
- Overview
- Offline Trust
  Offline Trust
- Artifact Movement
  Artifact Movement
- Operations
  Operations
  - Airgap Upgrades
  - Airgap Recovery
Operations
Operations
- Certificate Operations
  Certificate Operations
- Recovery
  Recovery
- Runbooks
  Runbooks
API & CLI
API & CLI
- API
  API
- CLI
  CLI
- Configuration
  Configuration
  - Configuration Reference Configuration Reference
    Table of contents
    
    RBAC
  - Environment Variables
Contributing
Contributing
- Start Here
  Start Here
  - Local Development
    Local Development
    
    Overview
    
    Up And Running
    
    Multi-Root CA Development
    
    RBAC Development
    
    Testing And Verification
    
    Troubleshooting
  - Platform Setup
- Contributor Workflow
  Contributor Workflow
- Specialized Development
  Specialized Development
  - Helm Development
  - OpenTelemetry Development
- Releases And Roadmap
  Releases And Roadmap
- Project Community
  Project Community

Configuration Reference¶

Stage: Alpha Status: Draft

IronRoot configuration includes server listener settings, database settings, PKI paths, file-based RBAC settings, telemetry settings, and log level.

Use examples/config.local.yaml for local testing and adapt paths for production.

RBAC¶

RBAC is configured in the main config.yaml and loaded from YAML manifests at server startup:

rbac:
  enabled: true
  mode: file
  paths:
    - config/rbac/*.yaml
    - config/rbac/*.yml

The database can store applied RBAC metadata internally, but SQL is not the user-facing management workflow. Keep RBAC manifests in Git and deploy them with the rest of the environment configuration.