Security
Musher supports content signing and trust policies to protect your organization from untrusted content. Signing keys prove publisher identity. Trust policies control which publishers and identities your organization accepts.
Both features are managed from Settings > Security in the Console and apply to your entire organization.
Content Signing
How Signing Works
When platform signing is active, Musher automatically signs every bundle published through the registry using ECDSA P-256 (ES256). Consumers can verify signatures to confirm bundles have not been tampered with and come from a known publisher.
Viewing Platform Signing Status
Go to Settings > Security > Signing Keys. The platform signing card shows whether signing is active and displays the platform key ID and algorithm.
Registering a Signing Key
Your organization can register its own signing keys for additional identity verification.
1. Open Signing Keys: in the Console, go to Settings > Security > Signing Keys.
2. Click Register Key: provide a descriptive name for the key and paste your ECDSA P-256 public key in PEM format.
3. Confirm registration: the key appears in your signing keys list immediately. You can now use the corresponding private key to sign bundles.
Revoking a Signing Key
Find the key in your signing keys list and click Revoke. You will be asked to confirm.
Trust Policy
What Trust Policies Do
A trust policy defines which content your organization considers trustworthy. When verification is enabled, Musher checks incoming content against your rules before accepting it.
Verification Modes
Your trust policy operates in one of three modes. Change the mode from Settings > Security > Trust Policy.
| Mode | Behavior |
|---|---|
| Disabled | No verification. All content is accepted. |
| Warn | Untrusted content triggers warnings for all users in your organization. |
| Enforce | Untrusted content is blocked. Only content matching your trust rules is accepted. |
Trust Rules
Trust rules define what your organization trusts. You can combine multiple rules; content matching any rule is considered trusted.
| Rule type | What it matches | Example value |
|---|---|---|
| Publisher | All bundles from a publisher namespace | musher-dev |
| Trust Tier | All publishers at a given trust tier | verified |
| Signing Identity | A specific signing key fingerprint | a1b2c3d4e5f67890 |
Adding a Trust Rule
1. Open Trust Policy: in the Console, go to Settings > Security > Trust Policy.
2. Select the rule type: choose Publisher, Trust Tier, or Signing Identity from the dropdown.
3. Enter the value and add: type the publisher namespace, tier name, or key fingerprint and click Add Rule.
Removing a Trust Rule
Find the rule in the trusted publishers list and click Remove. You will be asked to confirm.
Recommended Setup
For teams starting with content trust:
- Register a signing key (if your plan includes the content signing entitlement)
- Add trust rules for the publishers you rely on
- Set verification to Warn and monitor the warnings for a period
- Once confident in your rules, switch to Enforce