Add NET-WP-0017 T02 closure validator
14
Makefile
14
Makefile
@@ -6,6 +6,9 @@ OPERATOR_AGE_PUBKEY := $(shell cat keys/age.pub 2>/dev/null | tr -d '[:space:]')
|
||||
SECURITY_BOOTSTRAP_METADATA ?= $(if $(METADATA),$(METADATA),.local/security-bootstrap.json)
|
||||
SECURITY_BOOTSTRAP_HOST ?= $(if $(HOST),$(HOST),127.0.0.1)
|
||||
SECURITY_BOOTSTRAP_PORT ?= $(if $(PORT),$(PORT),8876)
|
||||
OPENBAO_RESTORE_EVIDENCE ?= /tmp/netkingdom-openbao-restore-drill/evidence.json
|
||||
OPENBAO_EMERGENCY_EVIDENCE ?= /tmp/netkingdom-openbao-emergency-drill/evidence.json
|
||||
RAILIANCE_PLATFORM_PATH ?= ../railiance-platform
|
||||
|
||||
# ── Help ──────────────────────────────────────────────────────────────────────
|
||||
help: ## Show this help
|
||||
@@ -172,6 +175,14 @@ security-bootstrap-validate-kit: ## Validate non-secret king credential metadata
|
||||
--metadata "$(SECURITY_BOOTSTRAP_METADATA)" \
|
||||
validate-king-kit
|
||||
|
||||
security-bootstrap-validate-t02: ## Validate NET-WP-0017-T02 OpenBao audit/recovery gates
|
||||
python3 tools/security-bootstrap-console/security_bootstrap_console.py \
|
||||
--metadata "$(SECURITY_BOOTSTRAP_METADATA)" \
|
||||
validate-t02 \
|
||||
--railiance-path "$(RAILIANCE_PLATFORM_PATH)" \
|
||||
--restore-evidence "$(OPENBAO_RESTORE_EVIDENCE)" \
|
||||
--emergency-evidence "$(OPENBAO_EMERGENCY_EVIDENCE)"
|
||||
|
||||
security-bootstrap-approve-custody: ## Approve custody mode metadata: make security-bootstrap-approve-custody ARGS="--mfa-enrolled-confirmed --mfa-enrollment-source identity-provider --recovery-confirmed --custody-packet-prepared --no-secret-capture-confirmed"
|
||||
python3 tools/security-bootstrap-console/security_bootstrap_console.py \
|
||||
--metadata "$(SECURITY_BOOTSTRAP_METADATA)" \
|
||||
@@ -212,6 +223,7 @@ security-bootstrap-ui: security-bootstrap-metadata-init ## Serve local custody a
|
||||
creds-agent-init creds-agent-status creds-emergency-reprint \
|
||||
iam-profile-conformance-test playbook-contract-test \
|
||||
security-bootstrap-console security-bootstrap-king-kit \
|
||||
security-bootstrap-validate-kit security-bootstrap-approve-custody \
|
||||
security-bootstrap-validate-kit security-bootstrap-validate-t02 \
|
||||
security-bootstrap-approve-custody \
|
||||
security-bootstrap-custody-packet security-bootstrap-openbao-preflight \
|
||||
security-bootstrap-metadata-init security-bootstrap-ui
|
||||
|
||||
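Review bot: The two evidence defaults added in the first hunk, `OPENBAO_RESTORE_EVIDENCE` and `OPENBAO_EMERGENCY_EVIDENCE`, point at fixed paths under `/tmp`, so `security-bootstrap-validate-t02` by default reads drill evidence from a world-writable directory with a predictable name. On a shared host another local account could create that directory or file first, and the gate would then be evaluating evidence the operator did not produce. Unless the drill scripts (not visible here) are tied to `/tmp`, a user-owned default next to the existing metadata file is safer, for example `OPENBAO_RESTORE_EVIDENCE ?= .local/openbao-restore-drill/evidence.json` and `OPENBAO_EMERGENCY_EVIDENCE ?= .local/openbao-emergency-drill/evidence.json` (paths constructed for illustration). A comment above the three new variables should also state that `?=` lets the environment override them and that `RAILIANCE_PLATFORM_PATH` assumes a sibling checkout.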