openbao king credential bootstrapping

2026-05-24 09:26:02 +02:00
parent 7d55cb8bd3
commit 1d0b0e7330
18 changed files with 3080 additions and 6 deletions


@@ -27,7 +27,8 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
- User Engine Boundary Contract: source-of-truth, membership,
application-onboarding, projection, authorization, and audit contracts for
`user-engine` integration (`canon/standards/user-engine-boundary-contract_v0.1.md`)
- Security bootstrapping: credential management, SOPS/age integration, OpenBao runtime secret authority
- Security bootstrapping: credential management, SOPS/age integration,
platform-root custody, OpenBao runtime secret authority
- Architectural decisions (DECISIONS.md): identity source, secrets, GitOps, bootstrap user store
---
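Review bot: the rewrapped "Security bootstrapping" bullet adds "platform-root custody" without saying where it is specified, while the User Engine Boundary Contract bullet directly above it cites its file in parentheses. Suggest appending the reference in the same way, for example (`docs/platform-root-custody.md`), the path this change lists under Getting Oriented, so the summary line points at the custody document.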
@@ -44,6 +45,7 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
## Relevant When
- Setting up identity for a NetKingdom/Railiance deployment
- Designing or using the guided security bootstrap experience
- Applications need OIDC authentication; deciding between lightweight (KeyCape) and expanded (Keycloak) modes
- Bootstrap scenario: cluster not yet available, need minimal OIDC for dev/test/sandbox
- Reviewing IAM Profile specification or architectural identity decisions
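Review bot: the "Designing or using the guided security bootstrap experience" bullet covers only the guided experience; nothing in this "Relevant When" list triggers on platform-root custody or OpenBao identity bootstrap, both of which the summary bullet and the Getting Oriented entry points name. Suggest adding a second trigger along the lines of "Establishing platform-root custody or bootstrapping OpenBao identity" so a reader doing custody work is routed to this page.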
@@ -118,7 +120,14 @@ keywords: [bootstrap, local-identity, oidc, minimal, dev, sandbox]
## Getting Oriented
- Start with: `wiki/` (specifications and decisions), `DECISIONS.md` (key architectural choices D1D5)
- Key files / directories: `sso-mfa/` (NK-WP-0001 active workplan), `local-identity/` (NK-WP-0002), `workplans/`
- Key files / directories: `docs/platform-root-custody.md`, `sso-mfa/`
(NK-WP-0001 active workplan), `local-identity/` (NK-WP-0002),
`workplans/`
- Entry points: `workplans/NK-WP-0001-sso-mfa-platform.md` and `NK-WP-0002-local-identity.md` for current work
- User-domain boundary contract:
`canon/standards/user-engine-boundary-contract_v0.1.md`
- Bootstrap/custody entry points:
`docs/platform-root-custody.md`,
`docs/security-bootstrap-use-cases.md`,
`workplans/NET-WP-0015-platform-root-custody-and-openbao-identity-bootstrap.md`,
and `workplans/NET-WP-0016-guided-security-bootstrap-experience.md`
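Review bot: in the "Bootstrap/custody entry points" item the workplans carry a NET-WP- prefix (NET-WP-0015, NET-WP-0016) while the other workplans in this section use NK-WP- (NK-WP-0001, NK-WP-0002); confirm the second prefix is intentional or align it, since readers will search by ID. `docs/platform-root-custody.md` also appears twice, under "Key files / directories" and again in this item; keeping it in one place avoids the two lists drifting apart.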