Add NET-WP-0017 T02 closure validator

2026-06-02 00:24:18 +02:00
parent cd82285efe
commit 31e6d6660f
4 changed files with 257 additions and 5 deletions


@@ -216,6 +216,17 @@ python3 tools/security-bootstrap-console/security_bootstrap_console.py openbao-p
This still does not run `bao operator init`.
Validate the current NET-WP-0017-T02 OpenBao audit/recovery gates:
```bash
make security-bootstrap-validate-t02
```
The validator checks local non-secret metadata, the next independent quorum
holder, the Audit Core retention/risk decision, and the Railiance restore and
emergency-drill evidence validators. It fails until real evidence files exist
and the remaining T02 metadata gates are recorded.
OpenBao itself is operated from the Railiance runbook. Public ingress is
disabled, so the live ceremony uses Railiance `make` targets, `kubectl exec`,
or an operator port-forward. The local UI can record non-secret milestones
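Review bot: the paragraph after the `make security-bootstrap-validate-t02` fence says the validator "fails until real evidence files exist" but never tells the operator where those evidence files are expected to live or how a missing one is reported, so a failing first run is not actionable from this doc alone; add the expected file locations (or whatever setting points at them) next to the make target. It would also help to state plainly that the check only reads local non-secret metadata and evidence, and never touches unseal or recovery key material, so a passing run is not misread as proof that the quorum holders actually hold valid shares.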