Local workstation

The default is the safest deployment and needs no authentication ceremony:

premier serve --bind 127.0.0.1:4317 --trace-dir .premier/traces

Team service with native HTTPS

Premier refuses plaintext or anonymous non-loopback binds. Supply a PEM certificate/key pair and either a password or bearer-token configuration:

premier serve \
  --bind 0.0.0.0:4317 \
  --trace-dir /srv/premier/traces \
  --tls-cert /run/secrets/premier/fullchain.pem \
  --tls-key /run/secrets/premier/private-key.pem \
  --auth-config /run/secrets/premier/auth.json

Remote mode also refuses to start while its trace directory contains a plaintext trace. Give the service the owner-only key that encrypted those traces through PREMIER_TRACE_KEY_FILE.

The authentication file must be owner-only on Unix and stores SHA-256 token hashes, never bearer plaintext:

{
  "tokens": [
    {
      "subject": "incident-reviewers",
      "tenant_id": "acme",
      "token_sha256": "<64 lowercase hex characters>",
      "scopes": ["trace:read", "assistant:use"]
    }
  ]
}

Generate a token and its stored hash separately:

token="$(openssl rand -hex 32)"
printf '%s' "$token" | shasum -a 256
chmod 600 /run/secrets/premier/auth.json

Record encrypted, tenant-owned evidence with PREMIER_TRACE_KEY_FILE=/run/secrets/premier/trace.key premier record --tenant acme -- …. The service only lists or returns artifacts whose manifest tenant matches the authenticated principal. Use premier claim for a one-time legacy ownership assignment and premier encrypt for plaintext migration or key rotation.

Reverse proxy

Native TLS avoids trusting a proxy identity header. If an ingress terminates an outer connection, keep the Premier hop encrypted as well, restrict the backend port at the network layer, and pass bearer authentication unchanged. Health checks use /api/health; do not expose the trace directory as static files.

Operational checklist

  • Rotate bearer tokens and TLS certificates independently.
  • Back up encrypted traces and the key through separate protected channels; do not put the key inside the trace directory.
  • Run as a dedicated unprivileged account.
  • Bound filesystem retention and monitor capacity.
  • Keep assistant:use out of read-only reviewer credentials when local AI execution is not required.