generated from coulomb/repo-seed
Complete OpenBao emergency drill gate
@@ -127,7 +127,7 @@ revoked or allowed to expire after the check.
|
|||||||
|
|
||||||
```task
|
```task
|
||||||
id: NET-WP-0017-T02
|
id: NET-WP-0017-T02
|
||||||
status: in_progress
|
status: done
|
||||||
priority: high
|
priority: high
|
||||||
state_hub_task_id: "909944bd-843a-4a63-8c87-536cea052a88"
|
state_hub_task_id: "909944bd-843a-4a63-8c87-536cea052a88"
|
||||||
```
|
```
|
||||||
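Review bot: The `status: in_progress` to `status: done` flip in the NET-WP-0017-T02 task block carries no pointer to the evidence that justifies it, so the block alone cannot be audited. Consider referencing the dated completion entry or the passing `make security-bootstrap-validate-t02` gate next to the status line. Also confirm that state hub task `909944bd-843a-4a63-8c87-536cea052a88` is closed as part of the same change, so the two records do not drift.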
@@ -277,6 +277,19 @@ and non-secret evidence remain under `/tmp/netkingdom-openbao-restore-drill/`.
|
|||||||
`make security-bootstrap-validate-t02` now shows the restore evidence gate as
|
`make security-bootstrap-validate-t02` now shows the restore evidence gate as
|
||||||
done. T02 remains open only for emergency seal/unseal metadata and evidence.
|
done. T02 remains open only for emergency seal/unseal metadata and evidence.
|
||||||
|
|
||||||
|
**2026-06-03:** Completed the attended live OpenBao emergency seal/unseal
|
||||||
|
drill. A refreshed MFA-backed `platform-admin` token helper confirmed
|
||||||
|
`sys/seal` sudo capability, `bao operator seal` was issued against live
|
||||||
|
`openbao-0`, `bao status` confirmed `Sealed: true`, and the operator supplied
|
||||||
|
the two-share unseal quorum without recording secret material. Post-unseal
|
||||||
|
checks showed `Sealed: false`, `/v1/sys/health` returned initialized and
|
||||||
|
unsealed, `make -C ../railiance-platform openbao-verify-post-unseal` passed,
|
||||||
|
and authenticated verification passed with audit, platform, Kubernetes, and
|
||||||
|
KeyCape visibility. Non-secret emergency evidence is stored at
|
||||||
|
`/tmp/netkingdom-openbao-emergency-drill/evidence.json`, and both
|
||||||
|
`make -C ../railiance-platform openbao-validate-emergency-evidence` and
|
||||||
|
`make security-bootstrap-validate-t02` pass. NET-WP-0017-T02 is complete.
|
||||||
|
|
||||||
### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
|
### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|||||||
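Review bot: The added 2026-06-03 entry records the only evidence for the drill at `/tmp/netkingdom-openbao-emergency-drill/evidence.json`, a path that is normally cleared on reboot, so `make security-bootstrap-validate-t02` may stop passing later for reasons unrelated to the drill. Consider recording a durable location or a digest of the evidence file in this entry. The entry also says a refreshed MFA-backed `platform-admin` token with `sys/seal` sudo capability was used but not what happened to it afterwards. A sentence stating that it was revoked or left to expire would close that gap. Finally, the unchanged line just above still reads "T02 remains open only for emergency seal/unseal metadata and evidence", which a reader may take as current unless it is clearly dated.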