Harden KeyCape OpenBao client action

This commit is contained in:
2026-05-26 02:22:24 +02:00
parent f3c8d70270
commit 1267df148a
3 changed files with 18 additions and 7 deletions

View File

@@ -70,7 +70,7 @@ image: keycape:v0.1 # replace with your actual tag
# If T04 is not yet done, run it now and re-run after create-pi-token.sh.
cd sso-mfa/k8s/keycape
chmod +x create-secrets.sh create-pi-token.sh
./create-secrets.sh
bash ./create-secrets.sh
# 2. Apply manifests
kubectl apply -f deployment.yaml
@@ -92,7 +92,7 @@ chmod +x create-pi-token.sh
./create-pi-token.sh
# 2. Re-run create-secrets.sh to update keycape-config with the real token
./create-secrets.sh
bash ./create-secrets.sh
# 3. Restart KeyCape to pick up the new Secret
kubectl rollout restart deployment/keycape -n sso
@@ -106,7 +106,7 @@ OpenBao admin CLI clients are code-defined there; operators should not create
those clients manually in a separate UI. After changing the block:
```bash
./create-secrets.sh # regenerates keycape-config Secret
bash ./create-secrets.sh # regenerates keycape-config Secret
kubectl rollout restart deployment/keycape -n sso
```