Clarify OpenBao rotation flow

This commit is contained in:
2026-05-26 00:09:19 +02:00
parent 8520ae8d7d
commit d0c7ff9f3b
2 changed files with 15 additions and 2 deletions

View File

@@ -290,6 +290,12 @@ open an interactive pod TTY, prompt there for a root/sudo-capable OpenBao
token, keep the token out of the local command line, and then run rotate init,
share submission, or cancel.
**2026-05-26:** Added an explicit rotation-status action and clarified the
rotation flow after the operator successfully started rotate-keys and then hit
`rotation already in progress` by rerunning init. The UI now says init is a
run-once step and that the next step is checking status or submitting existing
shares with the nonce until quorum completes.
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
custodian age-key bootstrap model to the control surface. The UI now records
the custodian public age recipient, a derived fingerprint, and a non-secret