# Pattern: GitOps with Guardrails Status: seed Readiness target: RL3 production Primary owners: Railiance platform, product repos Genesis family: Kubernetes and platform ## Problem GitOps can make operations reproducible while still deploying unsafe state if review, policy, secrets, and provenance controls are weak. ## Context Use this pattern for platform and product deployment repositories, environment promotion, configuration changes, and operational rollbacks. ## Forces - Desired state should be reviewable and auditable. - Secrets must not be exposed in Git. - Policy checks need to run before reconciliation. - Emergency changes need traceability. ## Solution Use Git as the reviewed desired-state source while enforcing branch protection, policy-as-code checks, encrypted secret references, signed artifact admission, and clear rollback procedures. ## Verification - Production changes enter through reviewed commits or documented emergency paths. - Reconciliation rejects policy failures. - Secret plaintext is absent from Git. - Rollbacks preserve audit and policy evidence. ## Related Patterns - Protected Main Branch. - Policy-as-Code Admission Control. - Sealed Secret / Encrypted Git Secret. - Signed Image Admission.