Trinity Documentation

Everything you need to deploy, operate, and extend your own sovereign PKI.

Start Here

Install the tools, initialize a Root CA, generate your first certificate, and understand the full workflow.

Deploy Trinity Connect or Spirit Gateway on your own infrastructure — from a Raspberry Pi to AWS.

The offline Root CA. Key generation, certificate signing, revocation, and CRL management.

Desktop identity vault. Private key management, CSR generation, and certificate lifecycle.

Cloudflare Worker gateway. Handles CSR relay, enrollment tokens, and certificate polling.

System architecture, data flows, and the four pillars of the Trinity ecosystem.

How post-quantum Kyber-1024 encryption secures CSR transport across untrusted channels.

Generate truly random, high-entropy passphrases using physical dice or a coin. No software required.