Q-Trust Plane

FAQ

Frequently Asked Questions

Direct answers to common technical, security, and deployment questions.

Highlights

  • Clarifies integration surfaces (agents) and required evidence inputs.
  • Summarizes cryptographic primitives and key management expectations.
  • Defines deployment assumptions and operational requirements.

General Questions

What is Q-Trust Plane?

Q-Trust Plane is a cryptographic zero-trust control plane that provides unified governance across hybrid infrastructure. It allows you to write policies once (in QPL) and enforce them across Web3, Kubernetes, Terraform, MLOps, and CI/CD domains with complete cryptographic audit trails.

Why do I need Q-Trust Plane?

If you're managing multiple infrastructure domains (Kubernetes, Terraform, Web3, CI/CD, MLOps), you likely have:

  • Fragmented authorization systems
  • Incomplete audit trails
  • No cryptographic proof of decisions
  • Compliance challenges
  • Inconsistent policy enforcement

Q-Trust Plane solves these problems with unified governance, cryptographic grants, and complete audit trails.

Is Q-Trust Plane open source?

Yes! Q-Trust Plane is open source and available on GitHub. The core platform, all agents, and the QPL language are freely available under [license TBD].


Technical Questions

What is QPL?

QPL (Q-Trust Policy Language) is a declarative, domain-agnostic policy language for defining authorization rules. It's similar to SQL in syntax but designed for policy evaluation across multiple infrastructure domains.

Example:

policy "web3-deployment" {
  domain = "web3"
  
  rule "require-audit" {
    condition = evidence.audit_report.exists
    action = "allow"
  }
}

How does Q-Trust Plane integrate with my existing infrastructure?

Q-Trust Plane uses domain-specific agents that integrate with your existing systems:

  • Web3 Agent: Intercepts contract deployments via RPC proxy
  • K8s Agent: Admission webhook for pod/deployment validation
  • Terraform Agent: Wraps terraform CLI or integrates with Terraform Cloud
  • MLOps Agent: Integrates with MLflow, Kubeflow, SageMaker
  • CI/CD Agents: GitHub Actions plugin, GitLab CI integration

Each agent is lightweight and can be deployed alongside your existing infrastructure.

Is this self-hosted or SaaS?

Self-hosted only (currently). Q-Trust Plane runs on your infrastructure. Your policies, grants, and audit data never leave your environment. This ensures:

  • Complete data sovereignty
  • No vendor lock-in
  • Compliance with data residency requirements
  • Full control over your security posture

A managed service offering may be available in the future, but self-hosted will always be an option.

What are the system requirements?

Minimum (for evaluation):

  • 2 CPU cores
  • 4 GB RAM
  • 20 GB storage
  • Docker or Kubernetes

Recommended (for production):

  • 4+ CPU cores
  • 8+ GB RAM
  • 100+ GB storage (for audit logs)
  • Kubernetes cluster
  • PostgreSQL (managed or self-hosted)
  • Redis (for caching)
  • NATS (for event streaming)

Does Q-Trust Plane require blockchain infrastructure?

No. Blockchain anchoring is optional. You can use Q-Trust Plane without any blockchain infrastructure. The audit trail is stored in PostgreSQL by default.

If you want blockchain anchoring for additional verification, we support:

  • Ethereum (mainnet and testnets)
  • Polygon
  • Other EVM-compatible chains

What programming languages do I need to know?

None for usage. Q-Trust Plane is designed for platform engineers and DevOps teams:

  • Policy writing: QPL (declarative, SQL-like syntax)
  • Agent configuration: YAML
  • Deployment: Docker Compose or Kubernetes (Helm charts provided)

If you want to contribute to the core platform or build custom agents, knowledge of Rust or TypeScript is helpful.


Security Questions

How are cryptographic keys managed?

Q-Trust Plane supports multiple key management options:

  1. Vault Integration (recommended): HashiCorp Vault for key storage
  2. Hardware Security Modules (HSM): PKCS#11 support for HSM integration
  3. Cloud KMS: AWS KMS, GCP KMS, Azure Key Vault
  4. File-based: For development/testing only (not recommended for production)

Keys are used to sign grants and audit entries. Private keys never leave your infrastructure.

What cryptographic algorithms are used?

  • Signing: Ed25519 (default), ECDSA (secp256k1 for Web3 compatibility)
  • Hashing: SHA-256, SHA-3 (for Merkle trees)
  • Encryption: AES-256-GCM (for sensitive data at rest)

All cryptographic operations use well-vetted libraries (ring, ed25519-dalek, etc.).

How is the audit trail protected?

The audit trail is protected through:

  1. Cryptographic signatures: Every entry is signed
  2. Merkle tree batching: Entries are batched into Merkle trees
  3. Blockchain anchoring (optional): Merkle roots anchored on-chain
  4. Immutable storage: Append-only audit log
  5. Access controls: Role-based access to audit data
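
The Merkle batching step, sketched as an added example (not Q-Trust Plane's own code): it builds a SHA-256 root over a batch of audit entries and checks an inclusion proof for a single entry. The tree construction, the entry format and all function names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac

# Assumption: RFC 6962-style domain separation. The page does not specify the
# tree construction; distinct leaf/interior prefixes stop an interior node
# from being presented as an audit entry.
LEAF, NODE = b"\x00", b"\x01"

def _h(prefix, data):
    return hashlib.sha256(prefix + data).digest()

def _parent_level(level):
    # Pair neighbours; an unpaired last node is promoted, not duplicated,
    # so a batch and the same batch with its last entry repeated differ.
    nxt = [_h(NODE, level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:
        nxt.append(level[-1])
    return nxt

def merkle_root(entries):
    if not entries:
        raise ValueError("empty batch")
    level = [_h(LEAF, e) for e in entries]
    while len(level) > 1:
        level = _parent_level(level)
    return level[0]

def inclusion_proof(entries, index):
    """Sibling hashes from leaf to root as (sibling_is_left, hash) pairs."""
    level, proof = [_h(LEAF, e) for e in entries], []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((sibling < index, level[sibling]))
        level, index = _parent_level(level), index // 2
    return proof

def verify_inclusion(entry, proof, root):
    node = _h(LEAF, entry)
    for sibling_is_left, sibling in proof:
        node = _h(NODE, sibling + node) if sibling_is_left else _h(NODE, node + sibling)
    return hmac.compare_digest(node, root)

# Constructed sample batch (hypothetical entry format).
BATCH = [f'{{"seq":{i},"decision":"allow","policy":"web3-deployment"}}'.encode() for i in range(5)]
ROOT = merkle_root(BATCH)  # the value that would be signed and optionally anchored
```

An auditor holding only the root and a proof can confirm one entry without the rest of the batch; changing any byte of the entry makes verify_inclusion return False.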

Can Q-Trust Plane be compromised?

Like any software, Q-Trust Plane has a threat model:

Protected against:

  • Unauthorized policy changes (policies are versioned and signed)
  • Grant forgery (grants are cryptographically signed)
  • Audit trail tampering (Merkle trees + blockchain anchoring)
  • Replay attacks (grants are time-bound and include nonces)

Requires additional protection:

  • Key compromise (use HSM or Vault)
  • Infrastructure compromise (standard security practices)
  • Insider threats (separation of duties, audit log monitoring)

We provide a detailed threat model and security best practices in the documentation.
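
The forgery and replay protections listed above, as an added verifier-side example (not Q-Trust Plane's own code). The grant fields, the single-use assumption, the skew value and the class name are hypothetical, and HMAC-SHA256 stands in for the Ed25519 signature so the example needs only the standard library.

```python
import hashlib
import hmac
import json

MAX_SKEW = 30  # seconds of clock skew tolerated (assumed value)

class GrantVerifier:
    """Hypothetical single-use grant check: signature, time window, then nonce."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> expiry time

    def _tag(self, body):
        # HMAC-SHA256 stands in for the Ed25519 signature the page names,
        # only so the example runs on the standard library.
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, subject, action, nonce, now, ttl=300):
        grant = {"sub": subject, "act": action, "nonce": nonce,
                 "nbf": now, "exp": now + ttl}
        body = json.dumps(grant, sort_keys=True).encode()
        return body, self._tag(body)

    def verify(self, body, tag, now):
        # Authenticate the bytes before parsing or trusting any field.
        if not hmac.compare_digest(self._tag(body), tag):
            return "bad-signature"
        grant = json.loads(body)
        if now + MAX_SKEW < grant["nbf"]:
            return "not-yet-valid"
        if now >= grant["exp"]:
            return "expired"
        # Nonces only need to be remembered until their grant expires; after
        # that the time check rejects it, so the cache stays bounded.
        self._seen = {n: e for n, e in self._seen.items() if e > now}
        if grant["nonce"] in self._seen:
            return "replayed"
        self._seen[grant["nonce"]] = grant["exp"]
        return "ok"
```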


Deployment Questions

Can I deploy Q-Trust Plane in production during the pilot?

Yes! That's the goal. We'll work with you to ensure a safe, gradual rollout:

  1. Start with non-critical workloads
  2. Test policies in "audit-only" mode
  3. Gradually expand to more critical systems
  4. Monitor and optimize

We provide hands-on support during the pilot to ensure success.

What's the deployment process?

  1. Infrastructure setup: Deploy PostgreSQL, Redis, NATS (or use managed services)
  2. Core services: Deploy Q-Trust Plane services (Docker Compose or Kubernetes)
  3. Agent deployment: Deploy domain-specific agents
  4. Policy development: Write and test policies
  5. Integration: Connect agents to your existing systems
  6. Testing: Validate in non-production environment
  7. Production rollout: Gradual rollout with monitoring

We provide Helm charts, Docker Compose files, and detailed deployment guides.

Can I use managed services (RDS, ElastiCache, etc.)?

Yes! Q-Trust Plane works with managed services:

  • PostgreSQL: AWS RDS, GCP Cloud SQL, Azure Database
  • Redis: AWS ElastiCache, GCP Memorystore, Azure Cache
  • NATS: NATS Cloud, self-hosted
  • Vault: HashiCorp Cloud Platform (HCP) Vault

Using managed services reduces operational overhead.

What about high availability?

Q-Trust Plane services are designed for high availability:

  • Stateless services: Can be scaled horizontally
  • Database: Use PostgreSQL replication or managed service HA
  • Redis: Use Redis Sentinel or managed service HA
  • NATS: Use NATS clustering
  • Load balancing: Use standard load balancers (nginx, HAProxy, cloud LB)

We provide HA deployment guides and Kubernetes manifests.


Pricing & Licensing Questions

What does the Early Access Program cost?

$1,500/month for 6 months (50% off the regular $3,000/month Professional tier).

This includes:

  • Full platform access (all agents, all features)
  • 2 weeks hands-on implementation support
  • Direct Slack/Discord channel
  • Weekly sync calls
  • Priority feature requests

What happens after the pilot?

You have three options:

  1. Continue at pilot pricing: Lock in $1,500/month for 12 additional months
  2. Upgrade to Enterprise: Custom pricing with dedicated support
  3. Downgrade to Community: Free tier with limited features

No long-term commitment. Month-to-month billing.

Is there a free tier?

Yes! The Community tier is free and includes:

  • Up to 100 policy evaluations/day
  • Single domain (choose one agent)
  • Community support
  • Basic audit logs (7 days retention)
  • Self-hosted only

Perfect for open source projects, evaluation, and small deployments.

What's the difference between Professional and Enterprise?

| Feature | Professional | Enterprise |
|---|---|---|
| Price | $3,000/month | Custom |
| Policy evaluations | Unlimited | Unlimited |
| Agents | All included | All included |
| Support | Email | Dedicated engineer |
| SLA | Best effort | Custom SLA |
| Implementation | Self-service | Hands-on assistance |
| Custom integrations | No | Yes |
| Training | Documentation | Workshops included |
| Multi-region | Single region | Multi-region support |

Can I cancel anytime?

Yes. Month-to-month billing with 30-day notice for cancellation. We'll help with data export and transition if needed.

Do you offer discounts for non-profits or education?

Yes! We offer discounts for:

  • Non-profit organizations (50% off)
  • Educational institutions (50% off)
  • Open source projects (free Community tier)

Contact us at mayckonrlyeh@gmail.com to discuss.


Comparison Questions

How is Q-Trust Plane different from OPA (Open Policy Agent)?

| Feature | Q-Trust Plane | OPA |
|---|---|---|
| Scope | Cross-domain (Web3, K8s, Terraform, MLOps, CI/CD) | Primarily K8s, some other domains |
| Policy language | QPL (declarative, domain-agnostic) | Rego (functional, K8s-focused) |
| Grants | Cryptographically signed, time-bound | No grant system |
| Audit trail | Complete, immutable, blockchain-anchored | Limited (depends on integration) |
| Evidence | First-class support for evidence collection | Manual evidence handling |
| Cryptography | Built-in (signatures, Merkle trees) | Not included |

Use OPA if: You only need K8s policy enforcement
Use Q-Trust Plane if: You need cross-domain governance with cryptographic proof

How is Q-Trust Plane different from HashiCorp Sentinel?

| Feature | Q-Trust Plane | Sentinel |
|---|---|---|
| Vendor lock-in | Open source, no lock-in | Tied to HashiCorp products |
| Scope | All domains | Primarily Terraform |
| Cryptographic grants | Yes | No |
| Audit trail | Complete, blockchain-anchored | Limited |
| Self-hosted | Yes | Yes (with Terraform Enterprise) |
| Cost | $3,000/month (all domains) | Included with Terraform Enterprise ($70k+/year) |

Use Sentinel if: You only use HashiCorp products
Use Q-Trust Plane if: You need cross-domain governance without vendor lock-in

How is Q-Trust Plane different from Kyverno?

| Feature | Q-Trust Plane | Kyverno |
|---|---|---|
| Scope | Cross-domain | K8s only |
| Policy language | QPL | YAML-based |
| Grants | Cryptographically signed | No grant system |
| Audit trail | Complete, immutable | K8s events only |
| Web3 support | Yes | No |
| Terraform support | Yes | No |

Use Kyverno if: You only need K8s policy enforcement
Use Q-Trust Plane if: You need cross-domain governance with cryptographic proof


Support Questions

What support is included in the Early Access Program?

  • 2 weeks hands-on implementation with our engineering team
  • Direct Slack/Discord channel for questions
  • Weekly sync calls (30-60 minutes)
  • Priority bug fixes and issue resolution
  • Priority feature requests
  • Documentation and training materials

What support is included after the pilot?

Professional tier:

  • Email support (response within 2 business days)
  • Community Discord/Slack
  • Documentation and guides
  • Bug fixes and security updates

Enterprise tier:

  • Dedicated support engineer
  • Custom SLA (e.g., 4-hour response time)
  • Phone/video support
  • Architecture reviews
  • Training and workshops

How do I report bugs or request features?

  • GitHub Issues: For bugs and feature requests
  • Discord/Slack: For questions and discussions
  • Email: mayckonrlyeh@gmail.com for sensitive issues

During the pilot, you have direct access to the engineering team via Slack/Discord.


Compliance Questions

Does Q-Trust Plane help with SOC2 compliance?

Yes! Q-Trust Plane provides:

  • Complete audit trail (required for SOC2)
  • Access controls and authorization (CC6.1, CC6.2)
  • Cryptographic signatures (CC6.6)
  • Evidence collection (CC7.2)
  • Immutable logs (CC7.3)

We provide a SOC2 compliance guide mapping Q-Trust Plane features to SOC2 controls.

Does Q-Trust Plane help with HIPAA compliance?

Yes! Q-Trust Plane provides:

  • Access controls (§164.308(a)(4))
  • Audit controls (§164.312(b))
  • Integrity controls (§164.312(c)(1))
  • Authentication (§164.312(d))

We provide a HIPAA compliance guide and can sign BAAs for Enterprise customers.

Does Q-Trust Plane help with GDPR compliance?

Yes! Q-Trust Plane provides:

  • Audit trail for data access (Article 30)
  • Access controls (Article 32)
  • Data sovereignty (self-hosted, data stays in your region)
  • Right to erasure support (policy-based data retention)

Getting Started

How do I apply for the Early Access Program?

  1. Fill out the application form: qtrust-plane.vercel.app/early-access
  2. Or email us directly: mayckonrlyeh@gmail.com

We'll respond within 2 business days to schedule an initial call.

What's the timeline from application to deployment?

  • Week 1: Application → Initial call → Technical deep dive
  • Week 2: Acceptance → Onboarding → Infrastructure setup
  • Week 3-4: Implementation and integration
  • Week 5+: Production rollout and optimization

Total: 4-6 weeks from application to production deployment.

Can I try Q-Trust Plane before applying?

Yes! You can:

  1. Clone the GitHub repo: github.com/qtrust-plane
  2. Run the demo environment: docker-compose up (see demo/README.md)
  3. Explore the documentation: docs/ directory
  4. Try the interactive demo: qtrust-plane.vercel.app/demo

Still Have Questions?

Email: mayckonrlyeh@gmail.com
Website: qtrust-plane.vercel.app
GitHub: github.com/qtrust-plane
Discord: Join our community

We typically respond within 2 business days.