From 33b9b93dba14bd41567f8df83fccb4e730bc27b1 Mon Sep 17 00:00:00 2001
From: Bernd Worsch <bernd.worsch@gmail.com>
Date: Sat, 21 Mar 2026 10:42:39 +0000
Subject: [PATCH] chore(creds): encrypted secrets [agent NK-WP-0005]

---
 sso-mfa/bootstrap/creds-state.yaml            |   4 ++--
 .../secrets.enc/authelia/secrets.env.age      | Bin 1507 -> 1507 bytes
 .../secrets.enc/breakglass/secrets.env.age    | Bin 491 -> 491 bytes
 .../secrets.enc/keycape/secrets.env.age       | Bin 588 -> 588 bytes
 .../secrets.enc/lldap/secrets.env.age         | Bin 724 -> 724 bytes
 .../secrets.enc/postgres/secrets.env.age      | Bin 594 -> 594 bytes
 .../secrets.enc/privacyidea/secrets.env.age   | Bin 1143 -> 1143 bytes
 7 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sso-mfa/bootstrap/creds-state.yaml b/sso-mfa/bootstrap/creds-state.yaml
index 0e79e84..4c9494d 100644
--- a/sso-mfa/bootstrap/creds-state.yaml
+++ b/sso-mfa/bootstrap/creds-state.yaml
@@ -7,8 +7,8 @@ schema_version: 2
 agent_mode: true               # NK-WP-0005: fully automated
 
 # Phase tracking
-age_key_present: false         # ~/.config/sops/age/keys.txt exists
-secrets_generated: false       # gen-secrets.sh ran successfully
+age_key_present: true
+secrets_generated: true
 ops_bundle_created: false      # age-encrypted bundle created
 ops_bundle_location: null      # path or storage hint
 
diff --git a/sso-mfa/bootstrap/secrets.enc/authelia/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/authelia/secrets.env.age
index 90cb7633d746d7982ab642ea094df8ef79c37119..b4c8ab0f6940a67c2c9af0ba1dd5ee2b19172ac8 100644
GIT binary patch
delta 1493
zcmV;`1uFXE3*!rrAb&MbF)K`NcTz-eO>avxG*2sfPIzo-PEdJMada|zR9bpbK|)D*
zL^(8icM30JNpeFrO)oiZOl?CeWjQ!lNJ2tndMidUR5ns!W-xD3V_`;cc~3@Sa|$gj
zEg*SJWpGq-c~xU}aBEpNHZyH(MOAcoFI8%JT69uGS29>mNPlm6aYZ$ARci_^j)#4e
zifHwK>{)QdZ5xzE7RsGeZ)##~^coG4J0ctQDWM{`5}@;`hB`+$W}Ve!sC*v}QD%qr
z1P4=6sx;g&gY(4=u({rxZ1H!%%mhtkVy8avJR=6zY2xIPn{+^8=*P-^7i#AVoAuqk
zS4L%3Qm#d;q<{ardiVZlal>}dPN||d8P>Rpz(Kjoe~J?$DHs4sYj-_>!r4!?z$ent
zN@%SQ6k#1@U}s;I@Qv#E8?>U`l{2~A;#B-SEYzv2cra6Xc?u%y-kwPN|JK?DU5%z_
zic**^D#vn5XQcR4PKSRWJY~4oFhlguD0;T4ih*}<(|@44nG;I__kX?{C@@#%vE#;r
z<^HB%?(`D5A|iEvM@<;P1f=uU$^XX}MMZ<XI=KdC+yc;8^WX4aAle!tOb3O5I>Zxi
zNcw)lT{s`8W+&O`u`ofw=oJT*)s`s(o+MP(6;}{IbgZYA0^&wTP}AIK2e)FPW1up1
zko5_>GJoA5bA7`2^sQA~z=bq%jM;`AHlHc_%pD8#`*-t5rh?TfO&-xx7)`_LAF4cF
z&T<1uV^N>F)y5npNPuAUgLH)A6}|eLMR9^VXqg5Iob?y=Lo)xbRiBX1Y(|9qg`BWr
zS^K3j0G~e97_4U67MM!}k3R+v@PLjjwllD04S#{6#|88^xsw>NvRdV5^j<=^<tC<*
zRktxF%vz!*o(32#wM7jKr5gSu-9dJP`vm+1cOSy!93SGe^Ki8J>`&VNV#KziODRF|
z287}P+fW=xF46_#kkguvOP=Z`3*y#Qi0g~)!jaWkY%IF<9Rg*iHl!t~+<E*1<*Dn<
zjDHps)+KvND;aS#=YGk*!RPZegbY9j$<}E2k3CwpEgVNVSeH?!z{>hx-=t*7oMfe%
zV)b47m*8oj_zl!ft~LBcK#5W`C)JIUXAiWDxVF?za@0?h^h5eV;^X-TAU3+%GQ65Q
z6CUpg86CFZd4ba~#}3uUg`Tp3sK!}2$$uCdu35iUn8PTQjpXYrB&|{<3fsxtP)dcU
zoHH^0zZHl>zyCAU0PpT$O*K3R)S+3^XsNbw(}fyqe)4q_(Cw-p^6u3P?v0z=p`Ne3
z+s}%@qRzDd<}aRaWDyGme7JD+tf6Y&xO8J0A<+ft>4{nu&;V`0S?H9H4-eS3Z-0yQ
zG5&G4Yi<~=B~BIH<-@$qQldeLq1Tm|bOhPyDhBBV!v9s+pMfSMFFX982_PSeSCP&=
zNJ-}2nH*Knmj2>;H(A&>ZRB>``35<tEa3iy(VDq$P%JgUwErD9b5DCrxKnD%p8J${
z)9EnLSgXfBVG@kcYul2|kY>0|UVqp(HR5`ymVrp-@5;cdmL65r@h|o6oE4~%)A2G0
z9o=x}1Abjs5G|h9Rx4wy9kM3}1|P<i{>2+BSZfC5`!0mKU`rxEcSA0U;S%_X)KWO9
z3cNDN#b+aWa~aeZjz`oA<J@E?`;xy<o&-<jd17_v%`W=R3;3+T3RuwToPXl8v*6YC
zoQc2O(9+?4C8~lnt;?n=NoKKG>nC*ZAZ?zK=<3#qel7cJh(_8GdYYmV^Or0ik)RNx
zR={|G>B9JZ$ud#Hmy~pJ2(Oo`jH2ilrQTsi#D+V#f5};WTJ5o6kY!wi$a;PbaF@;l
zBo?63FFC0(0Gn&V?!%btzfNNiTb>k0{QZ4I`P$BpH(25$;8RE={AivjzD@3bjKgU>
v{n*F{4f~7s3j8@*kUxF3vFj&|F_qa-U$<1P&U20j<M4<8pLls0L}FM)iA3LR

delta 1493
zcmV;`1uFXE3*!rrAb(3(D``wLMO0WbQ&ToFVKZ}ND{U)eFJpFAIBhFzHBd%XbU|co
zHfc_6RSGsUT1#zkRB1V9G;=UGH#0^>QcibOICyP#G)PrvVoiEsdP6uuZg@y<FbXX#
zEg(*EMK^73NO?g}LvKV;FLrKKGBHzSP-!x2G<s+>H#1H_L4Q$7S#U6AGG_`%Y-#$x
z%0oP%7y*P_o0WV!h%!`f?{BU<6?b4v>~R>j1m?2`@VllnJ#0QQx)QAm0=E;~aHvcm
zvu{*=`$S_5b^;SBuP#Kk%S=9O{S;x(DE<#`of$_xsRK+B=`$W$?OdZ(vvokAPvG(*
zI)8+%J-w_@?SJ(!3_*y?AARYhmoGpo!+nh8zhpqkY7e$3AF{9SY%i|vxB%g~+c&8w
z7LJ-Fm(Y-F(_!QAM3c$dZk(h^=Rv?5KKsyg$^$iocLG#qcNL=jaLpF2=YL7cZ7hcA
znYSPvVK1<wIC*|%!vX$>oVod!0-tjv=0?dHanIQ#?th;S7hq5QC3JrWNX`Ipj2V1D
zA}Ova%HN_tnO9Qy=Z}4YTlvxrHQcy!#fPIBQ&7%syCur8=*g-4m^anOz|gU=@tW*;
z?5>WGxYZ?nM{Pn1lz8k?e0K=Vt~QlC({IhBHMecSw|dM%5~nw=iNYithf%vj;Z|?=
zn|XHF_kZe}RmyD$(r0?PS)$r8r8Y<p|1Y8<lomhsB5tG5w6if(BZ~NukdN=m-a+}t
zsc(`!HER|`e2M3Dz7>j~FcGZ9hX=TtxD1B<#Y}r=&iIbvHn>L)$S`LH*L7K9Nqc7_
zSebU=2%;uv|8U*CIac*VvQl5viR|786+16-@P9#5_v>{2N_Moh{~yz0Eqpd2?Nj5n
zutp*l$255!%09N}h5Lk23-!j`jck|4{O^7OH+Z^ep$XExeo>@C+2VB3!xSUgAON8M
zH<+6}tV;RE28OKd2f9)T=?<!PfOYxm6_IHAsu`zQk=Nu#hcWHgUgNh`1YiJQ5iO)~
zet!{+OqES%EY}G~!mcw%%0Jph#+Sv-YEiab{IXC7SqUN+o_Be5?xN_Kkkki_)Cg~K
ziJUr2d1<`3kyeZyMLyUqjM2op9@6|0#1^$`<oeX~>z?&#Kr6A5XfClF5b2%$QE+6t
zx)YWMZTwJFcvHe$sfF>(D*@d92vP3`B7c061c)~3w3|4NilT>~uGL&J*=0pB8KB0e
zf^V*B`*jUUTZ1^J;ya0swWRMcgk$5$=?@o>VPZ;S#_kcqlAfcyxN`f1BlbNs^Z|XJ
zo)$WfMoMJ59cXKIj3!Cv-e$$etNRmr$4kfaRmJA~w!#O<LOhday3g!Nz0&KMUw_5+
zD643`KYawxsUQ}X63t(PB;^pmz?a^~JL_7~qgER^?=4kPti!wKICl)<OX`EsRf4vg
zICwM77ruS$p&`D1K6jHx&63R}ZFf|dQl(aoVq4Zmu;*ZgFp~n*17pt*E}+}l4~l!K
zl8JI4$*S>0V(3BnLJclEGe7Yfkbf&XUu?r09yR>>?K6=4us-4zkT$W%Q1|EPY=WXq
zh|f*Q=}_a{eO4~g)hdhJ?~FVF<+~!K+|)XOw#6y?qgKd=lerl>Nrx=N?b$e^v&_r}
zfOsgWXh8}(4{JzQ1klj5bDz!sN$sG+BMhVivuwR|BmyiGzcAh<h&c@?6Mqilcq4Ty
zK-w;-McVV9ZRgWDHX)!Y1{h6FXci$NU8t`1MH?it@G84igbfx?xYd%7a&M8rgfvmD
zU3o)*wF8|^K-p&KaD0m3EpmAFcSYj9#b@hj^4D}~S4tIsPpH@S4QPhb2vyXHzG&XU
z7mcFsEsr5?b>l>9UX^>_TuzpM335uFT^lH8OGqoY@<NB#QQ?<8`IX+T7Nvi~^({+-
vaA_@0-ot7?-py*J^D?;#R=n>F%-J3Ut0~fLyD19BGUB!WM{;V*NKTI(?(xtf

diff --git a/sso-mfa/bootstrap/secrets.enc/breakglass/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/breakglass/secrets.env.age
index 93205c9ae8472a5d15e7e686664f028e2f3421e6..11d2479e1b38f0fb7f3ae8c6a79fb89441bf757a 100644
GIT binary patch
delta 469
zcmV;`0V@9M1M35jAb)XYP&g}PY;#mjV?kzlb!9dyI8JsiV`@})Wq2`9R$^LbWN&9`
zPc>wCSqex?F>zx{QZrd*S8i8raCC5HVq`LDQ*ba-Pc%?yWph<DH!yQ$HbgR0V+t)T
zEg({QZedDgHfLyKWkYs%Pck=GPE%=9X>cn=D^6l*D@#OTOn*f=R!wqOQ8WtAi-bB)
zZOip4s+sT?qz_hCQixEV?ox1Jds?vxg8{x_z3$F*B9*~~A`OL{rZ-A%p9@H4gD?)4
zjlVGbwH>k^u6aEte~w^XOmd)y$!_)axF2DZ^^vsXQw+)zEUgHm#&Gkoaya8L_r3SQ
zOB=w$Gs;Bqp?`bPfY^z=9D*i?@obp{1W|0Xdn4LX!AJWw49GE8A~Yh<f7+qe%^fbN
zI4)Z>{jMibv)4$Ubz1Qi3S)EJk@)^Z93s50DzaFCqeE01W<OJ~$}7nwISK7}u>KzJ
zgUy-MGH}|fm|YNI?NYG1uHlBare&}s?=S9$p(kfu%}%ae{qqu)8+Tat9|hI1AAT`0
z_C@JHY?4h_u3Y4mw}fJ5UeRk%eOS=PSNIp7@(dM<5<4WTXb$IkY~^DpjGCtb@C?sQ
L1rXuqm?}5ofC|rj

delta 469
zcmV;`0V@9M1M35jAb(|PO-C|APfay1OJ;aiPeNx-Y&m&WFg0#-Ye!Z$a(HHMa&kjs
zYj<W?I0{ubY*RB(HA!eTcTQ(*R5x}{M?p1eby-d|dT=*JWm<G;SvhQTO-xaDcM2^n
zEg)oPFK{txcsD~baWgk#Hc@#>RWLVBa5YsyN;pkMW=Up3X@68gbxCb`c54dMev_4a
zSr!?;p?F2rSGF-+ick5J!<Jt~Jt7<BYR<itR}cy;$O8b8T<=HbSKko!SlzI~Q~#oh
zOQCnJJTJN6u;d8LYI>M7hD;*`bAXrE2etAW$<$Nmp8QL8l!Ee|yBO)hLd4z*=7KlS
zfK;<5!kK`4Vt*mO`-y7#3*~B-Czs*RYcAPk-$y}ZaUlrAXT}2kBWgBp<P{%Z9Cg@{
zZq;ag(FV}$s*LnpT5G{W+Za9YI$kL1-Yg7_F660+&)ik=eOhSb=_{vRJh?j(xwjO;
ziy#HO-2MFK(IB?bztjN7bniGOAqC#<UVN`z520u{XioJh=j(=g^gBb`IKs7g^N&V^
ztH;BjJDaQZ2WzMpQMEYCHfvI$9^Lda5$=>JpNrFAcHJ&bIId7Xj2oVCka=t>N!q#(
LHjTr;1e{j8#NE{w

diff --git a/sso-mfa/bootstrap/secrets.enc/keycape/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/keycape/secrets.env.age
index a4d40e8f0e538d2ac6ffa9a926de79addd77cc1c..1e29e0bda0ee8bb30c255b89254fe05e2e1589a9 100644
GIT binary patch
delta 567
zcmV-70?7T$1k41GAb(79X;xKKZc<K9SYbvpVN^_7HE}p|c63WGK}U0NFIaJNSTJov
zIZZcfcM4HrNmfH_V?$M1LPJerOD{4=WHd-KZfY`CPeev;c4AjHR#;_3K`U5nX9_JX
zEg&>gZDcnuaam?CGGj|wLwIjDGGcdaH&!n&NoX`eZg)poHh)+vYGhSOSyc-BgvRX;
zX_5D|YIgyrG0wVJ(eXCNcH~9wEtc6{A7ENSW{<w#+-mHML0uVD!E&Q$>!q#U2|tPQ
zm|sS+=GD_jfe-BQKxtd1Gf?^CL0@P%TTdHj2n0gsIWK0&g3pdfD7H7jr2Qa$;{^&2
ze0m$M35*tCIe$QLG1vS9sEeG*0cnbra3fMPL)NqzlkK7a`J9SngJYL3-=I<9M*ZD^
zl`Xg1-#%ybZ9@q7qfPIhB>qTH(jiNLEtiuN_)<B;fvKDq*`Vm)%v7OR%%Y2wl5pDV
zQLJi5DUb+M?slW8@Ckc|=w<Nw?-KXENM$aXB^W2tcYj|X+<QN-o8u4?SFk!!0Ixkg
zE&gLZ8sn{tq4pa#MNhX1jtD?UQ=f&M9&*qf`;O(VSr$TV>H5b@P~O8wC&S*xVUp2f
zu=!5^`C$baDx0*z3oSKY$N?*Ik!9`mAS{ZVM+^-sjn4phnE@o>58LM+pkdbYn!J?`
zhN2$q*DwzLfFH}E9J}y#;;-d42C)ZuDgd66Z1GzBA;VxM6=y}_cG!=TOfR!PBfrxL
Fq_A}k{?Y&d

delta 567
zcmV-70?7T$1k41GAb&(=QcPh^WpY|=YiD{wY%oMkNN{*TWKu(OXli6wD>zPUQBpT^
zY)V%%RSIWuS4u>9FEDX)b24K{Zg5FLD^)c^Y)Mu@X?R3MP*!6vGcs*PbU1Q2a|$gj
zEg(*6O*BwvSw&PxZ&gz^YIkF3W>qsqI96&xX=E#TFmp*zIe#~6ayL^~H)9IS;z0Zp
zl6CtFIavr0LW($gTvVsm%ikM+3JN-<sRCTh@Y%2GE=>QEi&sij%Y)>wXcCw+1V7-S
zZe7_xY%6n7#SVVal15Dv3y|tc<aM09de+COGB8%}ji4{#Fk=x?PwWJ`!A8tm17>$?
z*K?L4=SW6CD1VRx*b=Xds{u7f-VIy!(|9&Pf0CE-b@c;fTo(CGm`zElh+ULM!f^JC
zLwVe(y|_7{jE}z>lG~YvW9Af!r(LX7t$;H;Qp&9tVP!GTPp*Gv_83E#!+u!~uMCW2
zIjBoy*a43D=*HU*Nj1w10o#H>S(JwG>Gg5B*Gb@J2Y*QrRiy-55I<ZoUN&ijih*o-
zU05R^_4#c8SoO*${Kg{jvw;NK=cx96-g!ZI6r8o-j|p>$>^3Io+-E-9=oe=paBQ?g
zIU70EG2w0xVxEgKCn}V`oHqFO7YGW3QW}$4n`@eYErV~*Lh8ai!gM)sp2Ul0bN#F>
z{V_>}$T0W*UEluzVc3q=;+~{ItEf0pxS2ZCkm4d_eelCj@zD{7nwwCXXo{}4nqJa@
F+!3+Y{saI3

diff --git a/sso-mfa/bootstrap/secrets.enc/lldap/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/lldap/secrets.env.age
index f5f7f84a862c7265f3c017fda045cf1aa18be8a2..83d913c9bb991a3fed962f80dbb982c63f15db4c 100644
GIT binary patch
delta 704
zcmV;x0zduK1=IzQAb(7ED>*SRVli1VP&qk9H8m?SRc3TgZ$&h1ZEjL^cSS{MN@93#
zSVeS2MG9>+XLxHcYGyQNYf(2fdNp)pGI4EVXf<P0GdV9qOGh<NW^GI|M@Mc>NeV43
zEg*U^MNBhILP&ITb$MkkRdO;hIe0W=F=$j`S#nHKIb&B&Sbr;KSW-enYefn>TdzP6
zQ0*tWe#!!cbKdI=<afPl&6pVFw~-d@Kwr>I<U3N(*P3&?&4ZIxR)PblH!rUq@b9E2
z1lwQNo}ph>399c&OO8@r&0KXobR8x81P6xF`Z}f<E^0iKmIHwqvp5^9eQ`t*EJNjl
zvCb3tcJ4kp8-HB$@yHl=4&!^KiO68UagFi(9WYesHR{~l7q(4Z|A5+HBwlF(gE9zm
z8<Tf*2AyG|9fU7a3F<D%5_~C$1K=k>G=!vLefipd9rd(HL3LcaY^C-r&1_wCATz%o
zVfhE@m6^G#d&l5^M&84TzQjqAkZdG%+qjh-(BYB(kAJQF-r*>cIUrojmKy_07q1cn
zApZO|Mw0$$AYXTkxx2suSwgdnITEvm(3kE8O(9z_rOvo#zPiI4ovLVPb5mTk9f4~l
zage>?E&VM^kIE=-F03Fn`L{L?*FU^Of|MICe(z*-wyk0xO62qoS1}Rld#+tj-Zl@a
zASVl_ZGWfgnU#4GOcs|-{J!N4Jdhhqm_|DquF;%hTBJBq@jAEEf1Lm_CaAm1smv2l
zuUTJPC*T)>;rBhW-eR)-f4HYM7yC3A`UG2Lv=F1yYTG(q7~In!Eyo`|+X(dn@Fpd4
z+e0#(O3n<UlZK#pWklSn3QjF{zk-n|AgyT8T{*l`C(uG(*tkph&C`8+j)^{NVoy#W
mSM2-R7;q^H!tYD0H*vGfM~zdUbQA?Qd5`{1eP%t&GGK&I$T;Z$

delta 704
zcmV;x0zduK1=IzQAb)vMGDI^<H#jeLcQJ2hV`NxEOnEg)Pj5+eM=M5jQgb&&X>)gL
zGiOVAZwg~MVR%AWRC7jCG)Hk_Gg@SJHAi%7D=&FPbW2W1GBIgJOjR*eGi`WIa|$gj
zEg(x{FEDO7X=74Tc|}EIK}bqUWOy=GV|Fz|XKGA!V^ugtWPe&ga#k}#GF1xf&pFNX
zWm%7$w~Q2IR0}Of#1rev4r$JjCA~0so*xY0c|C+M`cLuhm)5KN=&^&=zEK(+|04P=
zTW8;k!Sm2FW&NC1GnAcobTPdKx`C5J<Ro%xGF*E5JxN!f?>9a@jv5(D{DG=CN*z^H
z1EEKTY~~^dVt;lNdj)3(Ge8IaEurE%$i0~|qdV5kP;%8(NRO>S_ASQiov>Qi%y_1R
zt1j=+0(gBuMNOU?lPjs(NEFZtfYX|^B&5zel%yIw$r!diY5U>T8fBOc5FPR{cyvR|
zRTZH$x!~N=f{_MK2(G4j!x##V{f|!@dvW8`k8wq;*?*xw;8Q%pbG6QAsaQ;qtj@yz
zd8_ROCxW)w@e8YFTkC|X()>1!uveo%Lwkn?q9gW=c+ds$gT*<I5fJyz0}P}k@-nl2
zs(DcXnJAW}W1u^~?D@pahLWozY+!wLPS(4Q4h_vzkr0_P=ypXmONc04UH*cQECVnQ
zjgQBGjel}L^NKCO`s$Dp=!DJ#pRP1)KKi`LT@I=;vhDcS${=1beS=b178H$3tZeW7
z<_Y`5Nuhd{48ANynGf?PD5{t2ozt9)lrdWUvl8r66`Qt#ktT%pJz7_^xvA}+vdT=)
z6!HmAl){*P;<-9(A=Y6AZ7aN@rR5dEpY52kpE;Q}R3F6~sDx~p$D$b-$VKv?=q}_j
m-!a|zQ08oMuzC&u=fScNlEmhS>#b<9ZAWyctah##*(fXuMo72-

diff --git a/sso-mfa/bootstrap/secrets.enc/postgres/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/postgres/secrets.env.age
index dd0a3c4f6439f3e6add1c064fb2d5fde3318960d..47c1c05758ff021896d84abf216ca031dbdf6a04 100644
GIT binary patch
delta 573
zcmV-D0>b^$1kwbMAb(O!P<BH>V>V|wO)F7oVKGK(FEDCpF>i8ZS7vQ;IdnpJOjK`c
zZe({ya|$tNYfpA`X<2erXGm^%YC<tiLN{(SSYcr_M?rITQdcl-Y&LFMdTvW|NeV43
zEg&~AT3JRhXIMB-L{V-_HfwZadUQ}ocuPubMO9BhFK{_YNPjhGLse5^O-Tw`h({l|
zyhsp&1%UYx^@67pAFJ#9IZ*g0(ZM!nthE3IIjSXZb!O*!ThkwAnlzGa(j9Q#w~D0N
znoqgWS1+<*>}_VySiPX4?rZ?Ob_D@6NjiikRm3eFL{&JtVcOtWig=gq!c+APy@T%X
zOxJU?<yM0LE`K{x?t;pD0wqpD-5hOLrFZJH&9)}Dd%WbJ^7Am;@liCa5G$&DE6gPv
z#tLO=RN$lRwja6fBBGp`0mwBU7}5jLFa|#{|Kpu90x|@au?BWf`c9xHwJ(vMl3<hA
zMFtv9OdlYWY_z<DaPx9-hx2w*JqVpf1BSQ*8lBy6tbhGL^I^0jGsq#{*B=S7sloT=
z#+$sbUBi#_zmOS`Q{Frw(Vv2QB&8nOOW~(SB*?NMi;A)NiC;F`@v_PAY2s0%2bQtr
zH4_5vt!WMrVgiJbloWsYJ7pCj>Ga`@v(MzA&V;8&O5qhNAp#3#=G;L51<Jeb(IEla
zHHjWJayCiV8pL>A865;<n;^Fyf);dWmC+b3<!}nl5_{naq93}Ah#d}h@BiZ>Wg(Fn
L)I9ieC|#eIn!Ww6

delta 573
zcmV-D0>b^$1kwbMAb&Y9M{FxoLP1kPWJ^J4b#-uJNjEWcc5^UNGb=G`Iazr)D@9~y
zT5E55Q3_5~LPdIUFimJMb5cb@VoPC3F>5$uPgHD6Ge$``HFR-CacgH}NNq_^a|$gj
zEg(vBG%-_CFhy%GY-LMzH%(MQS28nBG)YNKVRLw6Z#gz@Q-3&1GFM4adQ}RRCad<L
z;SsIPt`+}rgF!8I_mAz*jg1ehyKbF~50F{|!BVe9Qh+V=!PI>|rc)a@yX9KVmYDW;
z-wet1{Am?Qp+Mr@^6r$HQ_g_hsJ>B6c-y<gSpMl`Hqk{5&~sFVPWkgC1?yzu0T@dm
z0l~3=eN;|U1Am?%lPP+^=Itdj(g2V1$?<b3@Y~7NG5Gr-MdZg5*JXDj0|Z3Nv%|SJ
z<tO66RjwQxD*8UW_Pp*V%Bf`rVIdI-e80j@f8Z}Knq&iCfkIg0Dw1U+PELf6Q74F4
zNZzRfLV-?KgIqO@lH7kjx4goj`Q9)^h%Gj$-<3a+)PEu+UF!;&UYwNeo)E54#eiup
znP`|o{N(X-YF`F(t_e0w6<8isig+-VE#vq|0a(NZFW+$fBfnpy@L-h$BE^x4rs8#^
z<oXQ>DThvo?WCW75cVomdyKc*jd}2H1MdeNs^#nuQ`rnG1hBu(QWA{7LTVMo<9EM7
ze%wE)9X2)Ibrv2b=$nf3zl=xc%P{n8im}p~^ySfefZq)^%66D|1%mAXPay~$HR`Wn
LD<&TRAVl(GzWM?D

diff --git a/sso-mfa/bootstrap/secrets.enc/privacyidea/secrets.env.age b/sso-mfa/bootstrap/secrets.enc/privacyidea/secrets.env.age
index 194a3a1116bb1aa100b7f4b02e2dd19bb72c7583..e2f402d067cbb4d3186f7c69d48f82954bfdf07a 100644
GIT binary patch
delta 1126
zcmV-s1eyEy2=@q(Ab&Yba7l4^V`yegX;nmWD>-ptNoz()NqAC4SVMSGXiG(7WlT~q
zVnKLBa|%OpD?uxAF)?jrVKX^$X;n`)Q$lk_IZkG2PiJOKNM<%LMsRducy>1{cM2^n
zEg(y9HbFykL}g=DcTsLKF-<TzdUIw`LSjQ{LRmv?VnlOyM}J~)V|h1oVnGU9-HojS
z`4NyhC8~NCi~4YOG*ID^KEy}jWlu@_&nqlY{qQl@{Il*!V@yURMew?W5DE8QgY3ny
ztJO^DjmFK{dT_Z_Xq+8t9Za6uJ%1Jui*q;!^G|=fE2UD#J3UYw=P3_ov;hhe46jV&
zFaJQ|rrxgZaevTnu`ErXNhDeVbtT#V?h+Nn1x)u){dp*M_|8dq$rYZ)FRl>U0rh;L
zz5NJ1z!}#gX_}2@LL_XAITX)d$==dI1OuE*cA?GnWJWd|3}0~QP#c0)uG#<XC|y3*
zo$(n+P)XmYBR^?BXo!h^9d#8nu|k(hFGdIk9aTj<uYWS5sIX%I>U{hPfk?bA-pmZW
zs@Em(4+~7(ZI9^}B2PH-mYXFj@&&4OLjGI!vlLC6XjNp0Ku^9dCz8bl_XN?|YS&4w
z<lDi?f}=wcKV9wQ_{qQg^TX7@ZKUD^u`drXsNX4?j@R4+F|U^?m16g%#Y5*5cJ5AD
zTCdW2@PFNil)}cO8Q|q}?J#4Fq=jJPg;7$bk5QJR9p?bR<fxdXp_|l!rKSLD4F?_*
zFb8EK{w^;nU<|1*&R2WUUJvF_40gDgk1Y7Mc3$#40utV8vY{fgPJW$NJ};u{jJmv|
z!DnYC_4NVN<-=G$1a}$WoYOPdul;K)k_#nHMSq=Pj;B%e{N0sQ`h*tZf@~UbsZ5k9
z7}KFYL3VV!EXePB@~oWY<4LY$-KW!6&u?vAFMo*u*DGHWq=L{GE#ORE!3<!cs#+CP
zh#?vibL*&W*&|2E8nCDYy!cO_a2V{$^gVT1h8+fqlllU$EXtw($9F7(A<Juf8;h=1
zxPN*v3}!hlmpk*&P)WS@mBQ%oq}}KH6|X&J7`lP|g$f##MV18w_I7Gn{9X5i-Q+Bi
zqSkPwuO$0jF=@6YEZy{&QF!{Y*D=A|Q+FlBs&YE0rsnJ7(3VY$mNHUfvY47?JK{ba
z;`?iCJ>>#V=U_J=Q^QSP&u8k5oXQueqkqS~m?|#*=Q9GiNf#YjR;Es67;2e}+8sst
zxKcd8!cP&o&OfOKe4;~{no?H0biCy~(LnSZai2Hsx6>VzBbs>5PcMde)1&nQT=;5G
z%MFp-vT56vnNiUnvqh6Bt1o#vwWILVyDgOA6#jJ5c!dp3w$x~Wq!=La*ri*VMPELB
zul7FWtBxR-KEL$uvcw-mad#I01<G7YM(%?^%=s{Yh|Bxg%!h&0g88Gp6X8k7g0)J=
sebsE4>i!DFG|00e>xTo|>9PX1YPy`=;SN)TGI{<*o++qI3D=wBFsB9{3jhEB

delta 1126
zcmV-s1eyEy2=@q(Ab&++dN*Z8c4ta?O-oB<NKiLMLRc$ML`q|0Qbut?S7CBYFnUR7
zZe&DvK?+k+a%pIKOjcP*Lque6FG5vuIAc*}c`|D;Q*Lf!Q+iZVHE>N=N;EfgZwf6f
zEg(}%XLL0+P)AQwNp^QKIcaP|YC}0=Z9;f3WN|@rNjEoXMSpcKId?)$WpfIT9|f@|
zNEo7ZFPpE2NO^7<?u_x*DypFcpcq+KxO3e2Mf6>Q4atXrGbzE%#gr}<wGezwtedF~
z=+v1LulT1NCD^;{hU^wr0zoI=Gw-4Y2Xn3rGx-|4L)p(qYUdetmsYD!EX!?fYxqQ~
zxI&S?Yl|Ng)_?cJEec`?7{~LYklx%C*l*m!-f96&IgUyhq_rtvaA(Kcr~L#6+17gO
zv16@-|ICETW3Z^JoZh8>7i@vg%r4m~3a(^28}KkE$Rb6;wj;`3dV-u~UKUsR)@>Ys
z1Vgs5pV22P)A4Uk8&MKmIZ6G5qd54RuPs~wH%3sgbbmL%*yEl?@i)5*$@tzO_?U|u
z7N>bG%ok17Xr~8Fr-JSiaUweuQUjDryUTV&0|k7Qo=CP?Ig@GqfMx-3k%x*d>fk_j
z(jsj+%Twc7K%3N!7KG6%>sVguX{_`j0WMp+OB#7mZ~D`1Hgrf6AZib6OwJ_lTuL$J
z`A;x`8Gl{5zoMC=>Ae`s-Z5FLS}%umsms{`Crw3IN=Bf8AV&f%F?+?Xpm<wpR=eBm
z*!F{B=+PZ+fNh!~)JKt#m^L<5<rH?#?QyND1Qfkd)U&`qX%}bT%lH!7mp>RD%tg#|
zzj{FFP6fvzAHXx^)@-ZrhX~(m8Nl>0nRJ0t34fT`!D6?a9^qn~lx~&G17PZ8%U(U@
z@L+lNmJ2?NK%a0$N+1p|*}1HVR-LWgAGMB4upnOP41p9h^O!)IEUMS--mM6Tr_tVr
zau{JVmNNfI7&8fE<vfz|;QtgO&-n(ipVr7C+@uEW4;0nv)hbS)afI1?%n&Kq?tE(j
zRDX+NqtB5IYsFfCdI}b6RZ(UJ3LOnd3BMcRt6aM>L~e9sgdBoWPY2%(9HA70;o<H&
z^f#<Rgh4zmNfs6$0MRw;?@NhZJg7V7S-Dpr`RWI`yW{xIH`JEk{T+}><^&~h{|PK;
zDZ>6t1d8HpBG;Dm1>}ajX7gpr3QrYCB!7q_aIpf(vOGAa2KgXC`0D3@yf%TD>I(w}
zyUvwc=O8Ne4B^h`@fasyO8AfGJ@}SYOyhk7li~jFC|~wa0)mpQ)KSXL)Q;=|=czmu
zeAP@+3MlKNbaR!swt<yO%3DE}X)&ShAT#HZS2Lc_Ib<G&c)LseRJ*T4j-GoRLSI=G
z<-<CS<?6dTlWcYCjPDM@-xR%2lm-z1(YuYZI;&{`<Xhm=BmClHZN@-8mB14afF33+
sba^!p^js~6y1EMRF@yAaXV^3tH==0Ydk0rkDR66JL=RJ5*<qf~eRm`a1ONa4