generated from coulomb/repo-seed
Patch KeyCape OpenBao client without bootstrap secrets
This commit is contained in:
@@ -327,6 +327,12 @@ script through `bash`, uses absolute repo paths, and wraps the sequence in a
|
||||
fail-fast heredoc so a failed config generation does not continue into a
|
||||
KeyCape restart or verification.
|
||||
|
||||
**2026-05-26:** Removed the KeyCape OpenBao client action's dependency on
|
||||
decrypted bootstrap secrets after the operator correctly hit the absent
|
||||
`sso-mfa/bootstrap/secrets/` directory. Added a focused live Secret patcher and
|
||||
verifier for the `openbao-admin` client so this non-secret client addition can
|
||||
be applied without decrypting the full bootstrap secret bundle.
|
||||
|
||||
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
|
||||
custodian age-key bootstrap model to the control surface. The UI now records
|
||||
the custodian public age recipient, a derived fingerprint, and a non-secret
|
||||
|
||||
Reference in New Issue
Block a user