17. Production setup
Minimal production checklist.
Required
Minimum steps before running Faramesh in production.
✓ Dedicated policy file in version control
✓ Dedicated data directory with backups
✓ Service manager (systemd, container supervisor, etc.)
✓ Monitoring on /metrics
✓ Regular audit verify checks
Recommended daemon command
Use this as your baseline production start command.
faramesh serve \
  --policy /etc/faramesh/policy.fpl \
  --data-dir /var/lib/faramesh \
  --socket /var/run/faramesh.sock \
  --metrics-port 9108 \
  --log-level info
Optional PostgreSQL mirror
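Mirror the audit chain to Postgres for long-term retention and querying. The example DSN sets sslmode=disable, which turns off TLS for the connection, so the credentials and the mirrored audit records travel unencrypted; enable TLS in the DSN when the database is on another host.
faramesh serve \
  --policy /etc/faramesh/policy.fpl \
  --data-dir /var/lib/faramesh \
  --dpr-dsn "postgres://user:pass@host:5432/faramesh?sslmode=disable"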
Health and audit checks
Run these regularly to confirm the service is healthy and the audit chain is intact.
Check metrics endpoint
Confirms the daemon is running and exposing metrics.
curl -sS http://127.0.0.1:9108/metrics | head
Verify audit chain
Checks the database for any tampered or missing records.
faramesh audit verify /var/lib/faramesh/faramesh.db
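One way to run the two checks above on a schedule (cron or a systemd timer), as an added example that is not part of the Faramesh documentation. It assumes `faramesh audit verify` exits non-zero when verification fails; the function names, the METRICS_URL and AUDIT_DB variables and the exit codes are hypothetical.

```shell
#!/bin/sh
# Added example: periodic Faramesh health and audit-chain check.
# Assumption: `faramesh audit verify` exits non-zero when verification fails.

METRICS_URL="${METRICS_URL:-http://127.0.0.1:9108/metrics}"  # port from --metrics-port
AUDIT_DB="${AUDIT_DB:-/var/lib/faramesh/faramesh.db}"         # database path used on this page

# Succeeds only if the endpoint answers and returns at least one sample line
# (a non-empty line that is not a '#' comment) in Prometheus text format.
check_metrics() {
  metrics_body="$(curl -sS --fail --max-time 5 "$METRICS_URL")" || return 1
  printf '%s\n' "$metrics_body" | grep -Eq '^[^#[:space:]]'
}

# Runs the audit-chain verification against the local database.
check_audit() {
  faramesh audit verify "$AUDIT_DB" >/dev/null
}

# Exit codes: 0 = healthy, 1 = metrics endpoint down or empty,
#             2 = audit verification failed, 3 = both.
faramesh_healthcheck() {
  health_rc=0
  if ! check_metrics; then
    echo "faramesh: metrics check failed at $METRICS_URL" >&2
    health_rc=$((health_rc | 1))
  fi
  if ! check_audit; then
    echo "faramesh: audit verify failed for $AUDIT_DB" >&2
    health_rc=$((health_rc | 2))
  fi
  return "$health_rc"
}

# Run the checks only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
  faramesh_healthcheck
  exit $?
fi
```

Invoked with `--run` from a scheduler, the distinct exit codes let alerting separate a daemon that is down from an audit chain that fails verification.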
Identity hardening (SPIFFE)
Use identities from the SPIFFE Workload API to verify workloads and manage trust material.
faramesh serve \
  --policy /etc/faramesh/policy.fpl \
  --spiffe-socket unix:///run/spire/sockets/agent.sock
faramesh identity verify --spiffe spiffe://example.org/agent/faramesh
faramesh identity trust --domain example.org --bundle /etc/spiffe/bundle.pem
Observability backends
Expose /metrics once and ingest it in Prometheus/Grafana, Datadog, or New Relic.
curl -sS http://127.0.0.1:9108/metrics | head
FCP auth (optional)
Connect to the Faramesh Cloud Platform for managed policy sync and remote monitoring.
Login
Authenticate with FCP.
Check auth status
Confirm you are authenticated and connected.
Start with sync enabled
Starts the daemon and syncs policy and decisions with FCP.
faramesh serve \
  --policy /etc/faramesh/policy.fpl \
  --sync-horizon