Faramesh Docs
Registry guides

Using registry providers

Import signed provider binaries from the GitHub catalog and wire them in governance.fms.

Providers are signed executables that implement ProviderService over gRPC. Faramesh runs them as sidecars and never embeds cloud SDKs in the daemon.

Import and declare

governance.fms
import "github.com/faramesh/faramesh-registry/providers/faramesh/vault@1.0.0"

provider "vault" {
  type  = "vault"
  addr  = env("VAULT_ADDR")
  token = env("VAULT_TOKEN")
  mount = "secret"
}

Run faramesh apply to download the binary for your platform into .faramesh/providers/.

Available providers (official catalog)

ProviderCapabilityProduction use
faramesh/vaultSecretsYes — HashiCorp Vault KV
faramesh/spiffeIdentityYes — SPIRE workload attestation
faramesh/dev-kmsKMSDev only — ephemeral keys

See Providers reference for field-level configuration.

Verification

  • Manifest sha256_hex must match the downloaded binary.
  • Detached .sig files are checked when present.
  • Your trust { ... } block must include the catalog signing key.

Custom providers

Implement the provider interface in Go, build per-platform binaries, add a manifest.json under catalog/artifacts/providers/, and open a PR to the catalog repo. See Publishing.

Contribute to the registry

Publish a policy pack from existing rules in about 30 minutes. No maintainer access required for community artifacts.

Policy packs

Import versioned FPL rule sets from the GitHub catalog and extend them in your agents.

On this page

Import and declareAvailable providers (official catalog)VerificationCustom providers