Split OpenBao initial config progress

This commit is contained in:
2026-05-25 15:14:59 +02:00
parent 9afe30f49f
commit b9bad47a21
2 changed files with 41 additions and 5 deletions

View File

@@ -253,6 +253,10 @@ block into an explicit taint model. Affected artefacts and downstream command
cards are shown with a light red background and retain the source reference, but
the operator can still proceed deliberately on a tainted workpath.
**2026-05-25:** Split OpenBao initial configuration from root-token disposition
in the bootstrap console. The initial config command can now be recorded as
applied while root-token revocation/escrow remains a separate gate.
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
custodian age-key bootstrap model to the control surface. The UI now records
the custodian public age recipient, a derived fingerprint, and a non-secret