Sovereign Deployment
Sovereign & Air-Gap
Sovereign means you control the infrastructure, the keys, and the evidence. Stella Ops runs without mandatory external dependencies and produces verifiable proof for every release decision.
What sovereign-ready means
Self-hosted control plane
No forced SaaS dependency. Deploy the entire suite on your infrastructure — on-premises, private cloud, or air-gapped network.
Air-gap / offline-first operations
Vulnerability feeds and verification data move via signed bundles. Core decisions stay offline; nothing leaves the network unless you manually opt in to telemetry.
Bring your own keys
Customer controls trust anchors. Pluggable crypto profiles support your signing and verification infrastructure.
Regional crypto profiles
Plugin architecture for compliance-driven cryptography. FIPS-140-3, GOST R 34.10, SM2/SM3, or eIDAS-qualified signatures.
Deterministic replay
Same inputs produce identical outputs. Auditors can verify decisions offline months later with frozen feeds and manifests.
Exportable evidence
Decision Capsules package evidence for audit — not scattered across logs. Portable, verifiable, independent of Stella infrastructure.
Auditable core (open source)
Evidence formats and verification tooling are open source. Auditors can verify decisions independently — no vendor lock-in for trust.
Local intel aggregator
Run your own CVE + VEX intelligence service. Aggregate sources, dedupe, snapshot, and sign — all inside your boundary.
Crypto profiles
Stella supports pluggable cryptographic profiles for regional compliance and organizational requirements.
| Profile | Algorithms | Use case |
|---|---|---|
| default | ECDSA P-256, SHA-256 | Standard deployments |
| fips-140-3 | ECDSA P-384, SHA-384 | US federal / FedRAMP |
| gost | GOST R 34.10-2012, Streebog | CIS region compliance |
| sm | SM2, SM3 | Chinese standards |
| eidas | RSA-PSS, ECDSA (QES) | EU qualified signatures |
Deployment modes
Connected mode
Standard deployment with optional feed updates from public sources.
- → Live vulnerability feed sync (NVD, OSV, vendor advisories)
- → Opt-in telemetry for fleet analytics (disabled by default)
- → Automated signature verification
Air-gapped mode
Fully isolated deployment for regulated or sensitive environments with no outbound traffic unless telemetry is manually enabled.
- → Signed feed bundles imported via sneakernet or DMZ relay
- → Zero external network dependencies
- → Customer-controlled update cadence
Offline operations
Import signed feed bundle
$ stella feed import vuln-feed-2025-01.bundle --verify
Verifying bundle signature... OK
Signer: CN=Stella Feed Signing Key (customer-owned)
Feed version: 2025-01-15T00:00:00Z
Feed imported successfully
CVEs added: 847 | Updated: 2,341 | Total: 234,892Run decisions offline
$ stella gate decision --env prod --offline
Using local feed snapshot: 2025-01-15T00:00:00Z
Analyzing artifact: sha256:a1b2c3d4...
Reachable CVEs: 8 (of 312 in dependencies)
Policy: production-strict v2.1.0
Gate passed — all reachable CVEs below thresholdExport for external audit
$ stella capsule export --bundle audit-pack.zip --include-feeds
Packaging decision capsule...
Including: SBOM, reachability graph, VEX state, policy, approvals
Including: Feed snapshot (frozen at decision time)
Signing with: GOST R 34.10-2012 (sovereign profile)
Audit pack exported to audit-pack.zip
Bundle can be verified and replayed on any Stella installationWho this is for
Defence & government
Classified networks requiring national crypto profiles and zero external dependencies.
Critical infrastructure
Energy, transport, and telecom operators who must prove every deployment decision to regulators.
Financial institutions
Banks and insurers needing FIPS-validated crypto with auditable, deterministic release gates.
Healthcare & pharma
Organisations handling sensitive data that require offline-first operation and signed evidence chains.