generated from coulomb/repo-seed
Harden KeyCape OpenBao client action
This commit is contained in:
@@ -321,6 +321,12 @@ client is now code-defined in `sso-mfa/k8s/keycape/create-secrets.sh`, while
|
||||
the UI action cards only ask the operator to apply live KeyCape config,
|
||||
configure OpenBao with a protected token prompt, and verify MFA-backed login.
|
||||
|
||||
**2026-05-26:** Hardened the KeyCape OpenBao client deployment action after the
|
||||
operator hit a non-executable `create-secrets.sh`. The action card now runs the
|
||||
script through `bash`, uses absolute repo paths, and wraps the sequence in a
|
||||
fail-fast heredoc so a failed config generation does not continue into a
|
||||
KeyCape restart or verification.
|
||||
|
||||
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
|
||||
custodian age-key bootstrap model to the control surface. The UI now records
|
||||
the custodian public age recipient, a derived fingerprint, and a non-secret
|
||||
|
||||
Reference in New Issue
Block a user