generated from coulomb/repo-seed
Verify KeyCape discovery without container wget
This commit is contained in:
@@ -333,6 +333,12 @@ decrypted bootstrap secrets after the operator correctly hit the absent
|
||||
verifier for the `openbao-admin` client so this non-secret client addition can
|
||||
be applied without decrypting the full bootstrap secret bundle.
|
||||
|
||||
**2026-05-26:** Fixed the focused KeyCape OpenBao verifier after the live
|
||||
KeyCape image lacked `wget`. The verifier now checks the live Secret and then
|
||||
uses a short local `kubectl port-forward` plus Python HTTP request for OIDC
|
||||
discovery, avoiding assumptions about tools installed inside the KeyCape
|
||||
container.
|
||||
|
||||
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
|
||||
custodian age-key bootstrap model to the control surface. The UI now records
|
||||
the custodian public age recipient, a derived fingerprint, and a non-secret
|
||||
|
||||
Reference in New Issue
Block a user