---
id: surface.infotech.ops-warden.routing-catalog
name: ops-warden credential routing catalog
kind: policy
summary: Catalog mapping credential/access needs to their owning subsystem (who issues what), consumed via `warden route`.
owner: ops-warden
status: active
scope:
  allowed_layers: [company, platform]
  default_layer: company
mutability: deploy-time
security_class: policy
schema:
  type: object
  validator: ~/ops-warden/registry/routing/catalog.schema.yaml
sources:
  - repo: ops-warden
    path: registry/routing/catalog.yaml
    role: company-baseline
relations:
  consumed_by:
    - service.warden-cli
  overrides: []
  depends_on_secret: []
  related_to:
    - surface.infotech.state-hub.api-config
evidence:
  last_seen: '2026-06-26'
  discovery_method: manual
  change_log_ref: ATLAS-WP-0002-T03
---

# ops-warden credential routing catalog

The credential routing catalog answers "who owns this credential need?" — SSH certs (ops-warden), API keys/DB passwords (OpenBao), login/OIDC (key-cape), etc. It is a **routing policy** surface: it carries pointers, never secret values.

- **Source of truth:** `ops-warden/registry/routing/catalog.yaml`; consumed via `warden route find/show`.
- **Boundary:** this surface maps the catalog's existence, owner, and scope; secret values are never stored here (`security_class: policy`, no `depends_on_secret`).
- **Why indexed:** credential routing is high-frequency and high-risk; the atlas records where the routing policy lives and who owns it.