openbao king credential bootstrapping

2026-05-24 09:26:02 +02:00
parent 7d55cb8bd3
commit 1d0b0e7330
18 changed files with 3080 additions and 6 deletions

@@ -8,7 +8,7 @@ status: done
owner: custodian
topic_slug: netkingdom
created: "2026-03-21"
updated: "2026-05-18"
updated: "2026-05-24"
depends_on: NK-WP-0004
state_hub_workstream_id: "75bc472b-cc0a-48f2-afb6-62b896f7cc19"
---
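Review bot: The front matter still carries `status: done` (visible in the hunk header) and lists only `depends_on: NK-WP-0004`, while the section added later in this commit states that the workplan's framing is superseded by `NET-WP-0015` and `NET-WP-0016`. Anything that reads only the metadata will not see that change. Consider recording the relationship to those two workplans in the front matter alongside the `updated` bump.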
@@ -86,6 +86,19 @@ to tenant administrators. If they are included in an emergency bundle,
that bundle is platform-control-plane break-glass material and requires
the strongest storage and review procedure available for the deployment.
## NET-WP-0016 Closeout Review
This workplan remains useful as automation substrate, but its "zero human ops"
framing is superseded at the product and custody layer by `NET-WP-0015` and
`NET-WP-0016`.
Agents may still generate, encrypt, inject, verify, and rotate bootstrap
material. They must not silently assume king credential custody, run live
OpenBao initialization unattended, or treat emergency bundles as ordinary
operator conveniences. The guided bootstrap experience is the canonical
operator path for king credential setup, OpenBao ceremony readiness, handover
cleanup, and reopening under custody.
## Design
### What changes from NK-WP-0004
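Review bot: The prohibition sentence in the second added paragraph ("They must not silently assume king credential custody, run live OpenBao initialization unattended, or treat emergency bundles as ordinary operator conveniences") leaves the permitted case undefined: it does not say what makes custody non-silent or what counts as attended initialization. Since this paragraph is the custody boundary for agents, state for each of the three items what human approval or presence is required, ideally as a short list, one constraint per item. Two smaller points: the new section cites `NET-WP-0015` and `NET-WP-0016` while the rest of the file uses the `NK-WP-` prefix (`NK-WP-0004`), so confirm the prefix is intended; and the "guided bootstrap experience" is named as the canonical operator path without a reference to where it is defined.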