Install & artifacts

This page records the current install posture. It is intentionally conservative: the docs should not present an install command before the corresponding artifact exists and has been verified.

Private preview release candidate

v0.1.0-rc.1 is a private preview release candidate and pre-release. CLI archives are publicly downloadable from the TrustPlane Auth downloads domain, but checksum verification is mandatory before use.

Current posture

Artifact	Status	Notes
CLI release candidate	Private preview pre-release	`v0.1.0-rc.1` CLI archives are publicly downloadable from `downloads.auth.trustplane.dev`. Verify `SHA256SUMS` before use.
Container images	Private preview RC artifacts	Adapter and broker images are published to GHCR with immutable digests. Use digest-pinned pulls.
Helm chart package	Private preview RC artifact	Helm OCI chart version `0.1.0-rc.1` is published to GHCR. Pin the chart version.
Source build	Pre-release/source-oriented	Source-oriented examples remain useful for local development and review.
Local signed bundles	Current model	Trust material and `trustplane-bundle-v1` policy bundles are generated locally, reviewed, signed, and mounted.

CLI release candidate

Public downloads base URL:

https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/

Checksum file:

https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/SHA256SUMS

Archive URL format:

https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/trustplane_v0.1.0-rc.1_<os>_<arch>.tar.gz

Release manifest:

https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/release-manifest.json

Download SHA256SUMS and the archive for your platform:

VERSION=v0.1.0-rc.1
BASE_URL="https://downloads.auth.trustplane.dev/trustplane/${VERSION}"
OS=darwin      # linux, darwin, or windows
ARCH=arm64     # amd64 or arm64; windows publishes amd64
EXT=tar.gz     # use zip for windows
ARCHIVE="trustplane_${VERSION}_${OS}_${ARCH}.${EXT}"

curl -fsSLO "${BASE_URL}/SHA256SUMS"
curl -fsSLO "${BASE_URL}/${ARCHIVE}"

Verify the checksum before unpacking:

grep "  ${ARCHIVE}$" SHA256SUMS | shasum -a 256 -c -

Unpack and inspect the CLI:

tar -xzf "$ARCHIVE"
./trustplane --help

For Windows, download:

https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/trustplane_v0.1.0-rc.1_windows_amd64.zip

Then verify the matching SHA256SUMS entry, unzip the archive, and run trustplane.exe --help.

This release candidate was produced without GitHub artifact attestations. The GitHub Release is the maintainer record and fallback source for release review, but it is not required for public CLI archive download.

Container images

Adapter:

docker pull \
  ghcr.io/trustplane-dev/trustplane-auth-adapter:v0.1.0-rc.1@sha256:ec419221c8f7be194d5c7ada5e20725e4fe4c48c6cea266902f22b703364f2c5

Broker:

docker pull \
  ghcr.io/trustplane-dev/trustplane-auth-broker:v0.1.0-rc.1@sha256:4f05c71eff0f5f5563f474dd8c534228c5f32438526c330950439b7d48758177

Do not use a mutable latest tag. The private preview images are documented only by version tag plus digest.

Helm chart

Inspect chart metadata:

helm show chart \
  oci://ghcr.io/trustplane-dev/charts/trustplane-auth \
  --version 0.1.0-rc.1

Pull the chart package:

helm pull \
  oci://ghcr.io/trustplane-dev/charts/trustplane-auth \
  --version 0.1.0-rc.1

Install or upgrade with the pinned chart version and digest-pinned images:

helm upgrade --install trustplane-auth \
  oci://ghcr.io/trustplane-dev/charts/trustplane-auth \
  --version 0.1.0-rc.1 \
  --namespace trustplane-auth \
  --create-namespace \
  --set image.repository=ghcr.io/trustplane-dev/trustplane-auth-adapter \
  --set image.tag=v0.1.0-rc.1 \
  --set image.digest=sha256:ec419221c8f7be194d5c7ada5e20725e4fe4c48c6cea266902f22b703364f2c5

The chart version is 0.1.0-rc.1 without the leading v. Do not use an unpinned chart version or a mutable latest version.

Release channels

CLI binaries: public downloads mirror backed by the reviewed GitHub Release maintainer record.
Adapter and broker images: GHCR, digest-pinned in deployment examples.
Helm chart: Helm OCI package.
CLI checksums are published as SHA256SUMS with the public downloads mirror.

What examples mean today

Quickstarts and tutorials that call make build assume pre-release source access. They are still useful for explaining local behavior, but install examples that use release artifacts should pin v0.1.0-rc.1, verify checksums for CLI downloads, pin image digests, and pin Helm chart version 0.1.0-rc.1.

Artifact safety rules

Public artifact pages must not include secrets, private keys, bearer tokens, signed request logs, live bundle JSON, private registry names, cloud-provider cluster identifiers, raw infrastructure addresses, or local machine paths.

Current posture​

CLI release candidate​

Container images​

Helm chart​

Release channels​

What examples mean today​

Artifact safety rules​