Skip to content

IronRoot

Bootstrap Guide

IronRoot

Getting Started
Getting Started
Architecture
Architecture
- System Model
  System Model
- PKI Model
  PKI Model
- Platform Components
  Platform Components
- Reference
  Reference
Installation
Installation
- Install Methods
  Install Methods
- Configure
  Configure
  - Configuration
  - Local Development
- Runtime TLS
  Runtime TLS
  - Podman TLS Usage
- Lifecycle
  Lifecycle
  - Upgrades
  - Uninstall
Security
Security
- Bootstrap And Checks
  Bootstrap And Checks
  - Bootstrap Guide
  - Security Check
- Trust And CA Handling
  Trust And CA Handling
- Hardening
  Hardening
- Resilience
  Resilience
Observability
Observability
- Signals
  Signals
  - Traces
  - Metrics
  - Logs
- OpenTelemetry Stack
  OpenTelemetry Stack
  - OpenTelemetry
  - Collector
  - Prometheus
  - Tempo
  - Loki
  - Grafana
- Operations
  Operations
- Deployment Integrations
  Deployment Integrations
  - Kubernetes
  - Podman
  - Binary
Kubernetes
Kubernetes
- Deploy
  Deploy
  - Helm Installation
  - Values Reference
- Operate
  Operate
Airgap
Airgap
- Overview
- Offline Trust
  Offline Trust
- Artifact Movement
  Artifact Movement
- Operations
  Operations
  - Airgap Upgrades
  - Airgap Recovery
Operations
Operations
- Certificate Operations
  Certificate Operations
- Recovery
  Recovery
- Runbooks
  Runbooks
API & CLI
API & CLI
- API
  API
- CLI
  CLI
- Configuration
  Configuration
  - Configuration Reference
  - Environment Variables
Contributing
Contributing
- Start Here
  Start Here
  - Local Development
    Local Development
    
    Overview
    
    Up And Running
    
    Multi-Root CA Development
    
    RBAC Development
    
    Testing And Verification
    
    Troubleshooting
  - Platform Setup
- Contributor Workflow
  Contributor Workflow
- Specialized Development
  Specialized Development
  - Helm Development
  - OpenTelemetry Development
- Releases And Roadmap
  Releases And Roadmap
- Project Community
  Project Community

First-Run Bootstrap Guide¶

Stage: Alpha Status: Draft

Run the interactive guide before exposing IronRoot to operators or workloads:

ironroot-admin bootstrap --output-checklist ./ironroot-security-checklist.md

For automation:

ironroot-admin bootstrap \
  --non-interactive \
  --acknowledge-risk \
  --config /config/config.yaml \
  --output-checklist ./ironroot-security-checklist.md

The guide walks through:

Offline Root CA handling
Intermediate CA handling
API TLS posture
server filesystem permissions
database and CA backups
audit logging
OpenTelemetry configuration
migration and recovery readiness

Non-interactive mode requires --acknowledge-risk so CI/CD and air-gapped automation record an explicit security decision.