๐Ÿ” Zero-Trust Deploy Config

STATIC โ€” contracts ยท โ€” profiles ยท โ€” recipes ยท โ€” recipes
๐Ÿ”“ Data unencrypted โ€” stored in plain text

๐Ÿš€ Try the Live Demo

Load 7 pre-built profiles โ€” a passing K8s deploy, a Vercel app, an ECS worker, and a broken deploy with intentional errors. See validation + exports instantly.

๐Ÿ‘†

Select a profile above โ€” or load demos to get started.

No server needed. Validation + export runs entirely in your browser.

๐Ÿค– API & Automation

agents.txt

Everything in this UI is also available as a JSON API. Read-only data is served as static JSON from GitHub Pages. Validation, export, and profile CRUD are handled by a Cloudflare Worker API.

๐Ÿ“„ Static Endpoints (no auth)
GET /contracts/index.json
GET /contracts/{id}.json
GET /recipes/index.json
GET /recipes/{id}.json
GET /agents.txt
โšก Compute Endpoints
POST /api/v1/validate
POST /api/v1/export
GET|POST /api/v1/profiles
PUT|DELETE /api/v1/profiles/{id}
POST /auth/github
Quick start โ€” try these in your terminal:
# List all platforms
curl -s https://joshuawink.github.io/zero-trust-deploy-config/contracts/index.json | jq -r '.contracts[]'

# Check what Kubernetes requires
curl -s https://joshuawink.github.io/zero-trust-deploy-config/contracts/kubernetes.json | jq '.required_vars'

# Validate a config
curl -sX POST https://ztdc-github-oauth.orchie.workers.dev/api/v1/validate \
  -H "Content-Type: application/json" \
  -d '{"platform":"kubernetes","vars":[{"key":"APP_ENV","value":"prod"}]}'

# Export as .env file
curl -sX POST https://ztdc-github-oauth.orchie.workers.dev/api/v1/export \
  -H "Content-Type: application/json" \
  -d '{"platform":"kubernetes","name":"prod","vars":[{"key":"APP_ENV","value":"prod"}],"format":"env"}' \
  | jq -r '.content' > prod.env

Profiles

0 community ยท 0 custom
๐Ÿ“–

Browse community-contributed deployment stacks.

Pick a recipe, then Fork it to customize, or Generate Profiles directly.

Contribute

Submit new platform contracts or deployment recipes to the community via GitHub Pull Request. Requires a GitHub Personal Access Token with repo scope.

๐Ÿ“‹ Submit Contract

Paste a platform contract JSON. It will be validated against the schema before submission.

๐Ÿ”’ Never stored โ€” used only for this request

๐Ÿณ Submit Recipe

Share a deployment recipe with the community. Build it in the Recipes โ†’ Builder tab first, then paste the exported JSON here.

๐Ÿ”’ Never stored โ€” used only for this request

โš ๏ธ Contribution Guidelines

  • Contracts must follow the schema spec
  • Use kebab-case IDs (e.g. aws-lambda, gcp-cloud-run)
  • Include at least one secret_backend and one export_format
  • Add meaningful descriptions and notes for reviewers
  • Your GitHub token is never stored โ€” it's used for the PR API call only