Guide OpenBao custody ceremony order

This commit is contained in:
2026-05-25 02:02:14 +02:00
parent 83cf2111c1
commit e45dd4f9eb
5 changed files with 115 additions and 27 deletions

View File

@@ -30,7 +30,9 @@ Live initialization is blocked unless:
- king credential kit is complete;
- custody mode is selected;
- offline custody packet is prepared;
- recovery material is prepared for the selected custody mode;
- offline custody packet is prepared for the selected custody mode;
- selected custody mode is explicitly approved;
- OpenBao pod and PVC preflight passes;
- OpenBao reports `Initialized: false` and `Sealed: true`;
- operator has acknowledged no secret output enters unsafe channels;