First 15 Minutes
This path is for a first TrustPlane Auth private-preview install. It gets you from the public
download mirror to a verified trustplane --help, then points you at the examples and tutorials
that are useful today.
For the short story of what the release candidate protects and what remains preview or future, read What TrustPlane Auth protects.
TrustPlane Auth v0.1.0-rc.1 artifacts are available for evaluation. You can try them in
front of your own API endpoints. During preview, source repo access, support expectations, and
release cadence are managed by the TrustPlane maintainers.
What you will install
| Artifact | What to use | Pinning rule |
|---|---|---|
| CLI | trustplane archive from the public downloads mirror | Verify SHA256SUMS before unpacking or running it. |
| Adapter image | GHCR trustplane-auth-adapter image | Use the documented version tag plus digest. |
| Broker image | GHCR trustplane-auth-broker image | Use the documented version tag plus digest. |
| Helm chart | oci://ghcr.io/trustplane-dev/charts/trustplane-auth | Use chart version 0.1.0-rc.1 and digest-pinned images. |
Do not use a mutable latest tag or unpinned chart version.
1. Choose your CLI archive
The v0.1.0-rc.1 public downloads base is:
https://downloads.auth.trustplane.dev/trustplane/v0.1.0-rc.1/
Archive names use this pattern:
trustplane_v0.1.0-rc.1_<os>_<arch>.<ext>
Use the archive that matches your machine:
| Platform | Archive guidance |
|---|---|
| macOS Apple Silicon | trustplane_v0.1.0-rc.1_darwin_arm64.tar.gz |
| macOS Intel | trustplane_v0.1.0-rc.1_darwin_amd64.tar.gz |
| Linux x86_64 | trustplane_v0.1.0-rc.1_linux_amd64.tar.gz |
| Linux arm64 | trustplane_v0.1.0-rc.1_linux_arm64.tar.gz |
| Windows x86_64 | trustplane_v0.1.0-rc.1_windows_amd64.zip |
2. Download checksums and your archive
Set the archive name first, then download SHA256SUMS and the matching archive.
VERSION=v0.1.0-rc.1
BASE_URL="https://downloads.auth.trustplane.dev/trustplane/${VERSION}"
ARCHIVE="trustplane_${VERSION}_darwin_arm64.tar.gz"
curl -fsSLO "${BASE_URL}/SHA256SUMS"
curl -fsSLO "${BASE_URL}/${ARCHIVE}"
Replace ARCHIVE with the macOS, Linux, or Windows file from the table above.
3. Verify SHA256SUMS before install or use
Verify the archive checksum before unpacking or running anything from the archive:
grep " ${ARCHIVE}$" SHA256SUMS | shasum -a 256 -c -
On Linux, sha256sum is also fine:
grep " ${ARCHIVE}$" SHA256SUMS | sha256sum -c -
On Windows PowerShell, compare the published value for your archive with the local file hash:
Get-FileHash .\trustplane_v0.1.0-rc.1_windows_amd64.zip -Algorithm SHA256
Select-String -Path .\SHA256SUMS -Pattern "trustplane_v0.1.0-rc.1_windows_amd64.zip"
If the checksum does not match, stop and download the files again.
4. Unpack and verify the CLI starts
For macOS and Linux:
tar -xzf "$ARCHIVE"
./trustplane --help
For Windows:
Expand-Archive .\trustplane_v0.1.0-rc.1_windows_amd64.zip .
.\trustplane.exe --help
trustplane --help is the first local verification point. It confirms that the checked archive
contains a runnable private-preview CLI for your platform.
5. Understand images and chart availability
The adapter and broker images are public GHCR artifacts and should be referenced by version tag plus digest. The Helm chart is available at:
oci://ghcr.io/trustplane-dev/charts/trustplane-auth
Use chart version:
0.1.0-rc.1
Keep the chart version pinned and keep image references digest-pinned. The exact image digests, chart commands, and release-channel details live in Install & artifacts.
What you can try now
- Inspect the CLI with
trustplane --help. - Read the examples overview to understand same-cluster SPIFFE, software/JWKS, and cross-environment caller patterns.
- Walk through Protect your first API when you are ready to put the adapter in front of an existing service.
- Try the adapter directly in front of an API endpoint. Existing gateways such as Envoy, NGINX, and Kong are relevant integration targets, but gateway-specific templates are adoption accelerators, not required for the core verifier model.
- Use the route policy map to understand which source rules can call which routes.
Still preview or future
- TrustPlane Auth
v0.1.0-rc.1artifacts are available for evaluation. You can try them in front of your own API endpoints. During preview, source repo access, support expectations, and release cadence are managed by the TrustPlane maintainers. - Source-build workflows require access to the pre-release source tree.
- Managed governance, hosted bundle distribution, SDKs, MCP/workflow integrations, backend JWT assertions, and OAuth compatibility egress are future or scoped compatibility work.