|
|
Federated Sovereign Key Management for Critical Infrastructure Sovra is an open source federated control plane for managing cryptographic keys across distributed infrastructure. Organizations deploy independent Sovra instances that communicate securely to enable cross-organizational data sharing while maintaining cryptographic sovereignty. Built for: Research institutions, Government and Military. |
- Federated Architecture - Peer-to-peer control planes
- Cryptographic Sovereignty - Customer-controlled root keys
- Cross-Domain Sharing - Multi-organization collaboration
- Cloud-Agnostic - Deploy anywhere
- Air-Gap Capable - SECRET classification support
- Policy-Driven - OPA-based access control
# Pull the latest image
docker pull ghcr.io/witlox/sovra:latest
# Run a specific service
docker run -d --name sovra-api ghcr.io/witlox/sovra:latest /app/api-gatewayDownload the latest release for your platform from GitHub Releases.
# Linux (amd64)
curl -s https://api.github.com/repos/witlox/sovra/releases/latest \
| grep "browser_download_url.*linux_amd64.tar.gz" \
| cut -d '"' -f 4 | xargs curl -LO
tar xzf sovra_*_linux_amd64.tar.gz
# macOS (arm64)
curl -s https://api.github.com/repos/witlox/sovra/releases/latest \
| grep "browser_download_url.*darwin_arm64.tar.gz" \
| cut -d '"' -f 4 | xargs curl -LO
tar xzf sovra_*_darwin_arm64.tar.gz
# Add to PATH
sudo mv sovra /usr/local/bin/sovragit clone https://github.com/witlox/sovra.git
cd sovra
make# Deploy control plane
kubectl apply -k infrastructure/kubernetes/base
# Initialize
./scripts/init-control-plane.sh
# Connect edge node
sovra edge-node register --control-plane https://sovra.example.org
# Federate with partner
sovra federation establish --partner https://partner.example.orgOrganization A Organization B
┌──────────────────┐ ┌──────────────────┐
│ Sovra Control │◄─mTLS───►│ Sovra Control │
│ ├─ Policy (OPA) │ │ ├─ Policy (OPA) │
│ ├─ Lifecycle │ │ ├─ Lifecycle │
│ └─ Audit │ │ └─ Audit │
└────┬─────────────┘ └────┬─────────────┘
│ mTLS │ mTLS
┌────▼─────────────┐ ┌────▼─────────────┐
│ Edge (Vault) │ │ Edge (Vault) │
└──────────────────┘ └──────────────────┘
See ARCHITECTURE.md
See Github Pages
- Services: Go 1.25+
- Database: PostgreSQL 15+
- Secrets: HashiCorp Vault 1.16+
- Policy: OPA 0.61+
- Networking: mTLS
- GitHub Issues: Bug reports
- GitHub Discussions: Questions
See CONTRIBUTING.md
Apache-2.0 - See LICENSE
If you use this in research, please cite:
@software{sovra,
title={Sovra: Federated Sovereign Key Management for Critical Infrastructure},
author={Pim Witlox},
year={2026},
url={https://github.com/witlox/sovra}
}Open Source | Community Driven | Digital Sovereignty