Clarify bootstrap custody UI flow

2026-05-25 01:25:47 +02:00
parent 711c451d43
commit 83cf2111c1
3 changed files with 160 additions and 38 deletions

@@ -216,6 +216,13 @@ showed issuer `https://kc.coulomb.social`, audience
bootstrap progress now records both MFA enrollment confirmation and OIDC login
verification.
**2026-05-25:** Reworked the bootstrap-console flow after operator review. The
UI now follows the use case top to bottom, hides hardware-token storage unless
the selected policy uses hardware tokens, specifies the exact recovery material
contents, distinguishes recovery material from the OpenBao custody packet, and
turns "no secret capture" into an automatic control-surface boundary gate
rather than a user checkbox.
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
custodian age-key bootstrap model to the control surface. The UI now records
the custodian public age recipient, a derived fingerprint, and a non-secret
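
Review bot: the 2026-05-25 entry says "no secret capture" is now an automatic control-surface boundary gate rather than a user checkbox, but it does not say what condition the gate checks or what the operator sees when it fails. Because this replaces an explicit operator acknowledgment, add a sentence naming the enforced condition and where its result is recorded, in the same way the preceding paragraph states that bootstrap progress records MFA enrollment confirmation and OIDC login verification. The same entry says the UI "specifies the exact recovery material contents" and distinguishes them from the OpenBao custody packet without listing either set or pointing to the section that does; a short enumeration or a cross-reference would let a reader confirm that no secret value ends up in the wrong one.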