It's very easy to get started. If you have an existing Ethereum private key you can import your key into the Valist CLI. If you don't have a key, don't worry, the Valist CLI makes it very easy to generate new keys.
1. Install the Valist CLI.
2. Generate or import a new key.
3. Create a new Organization.
4. Create a new Repository.
5. Publish your project (npm publish, docker push, valist publish, etc)
Valist leverages an Ethereum smart contract to create Access Control lists of authorized public keys for each organization and project. Data within the system is validated and upheld by a global network of peers.
Operations such as release management and key rotation are enforced in the smart contract by checking whether a transaction was signed by a keypair with adequate privileges.
When a new release is published, the file is uploaded to the IPFS network and a pointer to its corresponding IPFS hash is stored within the smart contract.
A multi-factor release is a feature provided by Valist that requires multiple developers within an organization or project to digitally sign off on a release before that release is authorized to be published.
For example, you can require that 7 out of 10 developers need to sign off on a release before it is published. This prevents unauthorized releases, and reduces individual liability.