This directory holds code and scripts for running a Certificate Transparency (CT) Log based on the Trillian general transparency Log.
The main code for the CT personality is held in trillian/ctfe; this code responds to HTTP requests on the CT API paths and translates them to the equivalent gRPC API requests to the Trillian Log.
This obviously relies on the gRPC API definitions at github.com/google/trillian; the code also uses common libraries from the Trillian project for various things including:
- exposing monitoring and statistics via an interface and corresponding Prometheus implementation (github.com/google/trillian/monitoring/...)
- dealing with cryptographic keys (github.com/google/trillian/crypto/...).
The trillian/integration/ directory holds scripts and tests for running the whole system locally. In particular:
- trillian/integration/ct_integration_test.sh brings up local processes running a Trillian Log server, signer and a CT personality, and exercises the complete set of RFC 6962 API entrypoints.
- trillian/integration/ct_hammer_test.sh brings up a complete system and runs a continuous randomized test of the CT entrypoints.
These scripts require a local database instance to be configured as described in the Trillian instructions.
Deploying a Trillian-based CT Log involves more than just the code contained in this directory.
The Manual Deployment document describes the components and process involved in manually setting up a CT Log instance on individual machines.
The Containerized Deployment document describes the sample container scripts which make CT Log deployment easier and more automatic. However, if you're planning to operate a trusted CT Log (rather than simply experimenting/playing with the code) then you should expect to understand all of the information in the manual version – even if you use the containerized variant for deployment convenience.
Once all of the components for a Trillian-based CT Log have been deployed, log operators need to monitor and maintain the Log. The Operation document describes key considerations and gotchas for this ongoing process.