Artifact Deployment Tracking lets you record which artifacts are running in which Environments, building a live view of what’s running where across your organization. Because deployment records are linked to evidence in Chainloop’s evidence store, you can trace any running artifact back to the Workflows that built or tested it, the Projects and Versions it belongs to, and the Attestations that captured its provenance.Documentation Index
Fetch the complete documentation index at: https://docs.chainloop.dev/llms.txt
Use this file to discover all available pages before exploring further.
Key Concepts
Deployment Record
A deployment record is the unit of information stored by Chainloop each time you register an artifact as running in an environment. Each record is uniquely identified by combining:| Field | Description |
|---|---|
| Environment | The infrastructure target (e.g., my-k8s-cluster) |
| Logical Environment | The lifecycle stage (e.g., production) |
| Deployment Name | A user-defined name for the deployment (e.g., api-server) |
| Kind | The type of artifact (CONTAINER_IMAGE or HELM_CHART) |
superseded, giving you a complete audit trail of what ran where and when.
Deployment Status
Each deployment record has one of three statuses:| Status | Description |
|---|---|
deployed | The artifact is currently active |
superseded | The artifact was previously deployed but has been replaced by a newer version |
decommissioned | The artifact has been explicitly removed |
Automatic Superseding
When you record a new deployment that matches an existing active record (same environment, logical environment, deployment name, and kind), Chainloop automatically marks the previous record assuperseded. This means you always have a clear picture of what’s currently running without manual cleanup.
Idempotent Recording
Recording the same artifact to the same deployment record multiple times is safe and idempotent. The deployment timestamp is updated but no duplicate records are created. This makes it safe to call from CI/CD pipelines on every run, effectively acting as a heartbeat for the deployment.Recording a Deployment
Usechainloop deployment record to register that an artifact is running in an environment. You can reference the artifact by OCI image or by digest:
The artifact must already exist in the Chainloop evidence store (i.e., it must have been previously attested). If the OCI image is hosted in a private registry, you can provide credentials explicitly via
--registry-server, --registry-username, and --registry-password flags, or the CLI will use your system’s configured credentials.Decommissioning
To mark an artifact as no longer running, usechainloop deployment record with --status decommissioned:
Listing Deployments
By default,chainloop deployment list shows only currently active deployments. Use --history to include superseded and decommissioned records. You can filter by --env or --logical-env.
See the CLI Reference for the full list of flags and options.
Typical Workflow
Here’s an end-to-end example of how deployment tracking fits into a delivery pipeline: 1. Set up environments (one-time)Next Steps
- Environments and Logical Environments — Set up your infrastructure targets and lifecycle stages
- Attestations — Learn how evidence is collected and signed
- Projects and Versions — Organize your software components