Restructure bootstrap UI around artefact model

2026-05-25 11:49:51 +02:00
parent 07c98b564a
commit 4982c92fb1
3 changed files with 769 additions and 131 deletions

@@ -76,6 +76,22 @@ python3 tools/security-bootstrap-console/security_bootstrap_console.py \
Open `http://127.0.0.1:8765`.
The web UI is structured as:
1. **Roles & Responsibilities** - global bootstrap roles with designated
operator emails.
2. **Subsystems & Scope** - installation and initial access for LLDAP,
privacyIDEA, KeyCape, the custodian age envelope, and Railiance OpenBao.
3. **Integration & Tests** - OIDC and OpenBao preflight checks, with every
operator command shown as a copyable console block.
4. **Artefacts & Locations** - final non-secret overview of established
artefacts and where to find their custody references.
Role, subsystem, integration, and artefact records use the same fields:
`name`, `description`, `subsystem`, `responsibility`, `location`, and `state`.
States are `nil`, `set`, `err`, and `ok`. Role chips expose the designated
email as hover text.
The UI is a guide and approval surface, not the identity provider. Current
lightweight-mode credential placement is:
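Review bot: The sentence "States are `nil`, `set`, `err`, and `ok`" lists the four values without defining any of them, so an operator cannot tell from this text what separates `set` from `ok` or what moves a record into `err`. Suggest one short line per state. Related, in the same paragraph: all four record types share the `location` field, but only item 4 is described as non-secret; it would help to say explicitly that `location` holds a custody reference and never a secret value for roles, subsystems and integrations as well.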

@@ -230,6 +230,12 @@ panel now explains when to run Railiance preflight, init/unseal,
post-unseal configuration, root-token disposition, and restore proof. The
console still refuses to capture root tokens or unseal shares.
**2026-05-25:** Restructured the bootstrap UI around the operator mental model:
Roles & Responsibilities, Subsystems & Scope, Integration & Tests, and
Artefacts & Locations. Role, subsystem, integration, and artefact rows now use
the same `name`, `description`, `subsystem`, `responsibility`, `location`, and
`state` fields, and console commands are shown as copyable command blocks.
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
custodian age-key bootstrap model to the control surface. The UI now records
the custodian public age recipient, a derived fingerprint, and a non-secret
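Review bot: The 2026-05-25 entry says "console commands are shown as copyable command blocks" but does not say whether those blocks can carry secret values, which matters because the line directly above it states that the console still refuses to capture root tokens or unseal shares. Suggest adding a clause confirming that the copyable blocks contain no secret material. The entry also omits the `nil`/`set`/`err`/`ok` states that the README text introduces alongside the shared fields; mentioning them here would keep the log consistent with the documentation.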