Fix OpenBao rotation commands

2026-05-25 23:56:55 +02:00
parent d39dbe14b8
commit 8520ae8d7d
2 changed files with 43 additions and 6 deletions

@@ -284,6 +284,12 @@ state. The stage model now moves from S3 to S4 after OpenBao initial
configuration, root-token disposition, and restore drill are complete, then to
S5 only when the platform is explicitly reopened under custody.
**2026-05-25:** Corrected the OpenBao rotate-keys action cards after the
operator hit `permission denied` on rotation init. The rotation commands now
open an interactive pod TTY, prompt there for a root/sudo-capable OpenBao
token, keep the token out of the local command line, and then run rotate init,
share submission, or cancel.
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
custodian age-key bootstrap model to the control surface. The UI now records
the custodian public age recipient, a derived fingerprint, and a non-secret
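Review bot: the 2026-05-25 entry states that the token is kept "out of the local command line" but says nothing about how it is handled inside the pod once it has been typed at the prompt. Please state in the entry, or in the action cards it refers to, that the prompt does not echo the token and that the value does not end up in the pod's shell history, process arguments or a persisted environment variable, since those are the places an interactive pod TTY tends to leak it. The wording "root/sudo-capable" also leaves the operator free to reach for a root token, while the context lines above make root-token disposition a condition of moving from S3 to S4. Consider saying which of the two is expected for rotate init, share submission and cancel, and recording which capability was missing when `permission denied` was hit, so the next operator can use a token scoped to rotation instead of root.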