generated from coulomb/repo-seed
Guide OpenBao custody ceremony order
@@ -57,6 +57,9 @@ notification/setup contact are all known.
The custody packet is separate. It is the offline OpenBao ceremony envelope:
selected custody strategy, recovery-material references, init checklist,
unseal-share assignment slots, root-token disposition plan, and signature/date.
Select the custody strategy first, prepare recovery material and the custody
packet for that strategy, then approve the strategy. Only after that approval
should the OpenBao preflight/init sequence begin.

Secret capture is an architecture gate, not a user checkbox. The control
surface must not request or store passwords, OTP seeds, recovery codes, private
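Review bot: the ordering paragraph ("Select the custody strategy first ... then approve the strategy") makes that approval the gate for the whole preflight/init sequence but never says who approves or where the approval is recorded, so an operator cannot tell when the gate has actually been passed. Suggest naming the approver role and the artifact that evidences approval (the custody packet's own "signature/date" field listed just above is the obvious candidate), and stating that "recovery-material references" are locations or labels only, never the material itself, so the packet stays consistent with the "must not request or store passwords, OTP seeds, recovery codes" rule that follows.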
@@ -164,6 +167,12 @@ python3 tools/security-bootstrap-console/security_bootstrap_console.py openbao-p

This still does not run `bao operator init`.

OpenBao itself is operated from the Railiance runbook. Public ingress is
disabled, so the live ceremony uses Railiance `make` targets, `kubectl exec`,
or an operator port-forward. The local UI can record non-secret milestones
such as preflight passed, initialized/unsealed, root-token disposition, and
restore drill passed; it must never record root tokens or unseal shares.

Optional non-secret metadata can be supplied:

```bash
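Review bot: "Optional non-secret metadata can be supplied:" introduces free-form operator input immediately after the rule that the UI "must never record root tokens or unseal shares", yet nothing in this hunk says how the console enforces that the supplied metadata is in fact non-secret. Suggest enumerating the accepted metadata fields (or stating that values are rejected when they look like a token or an unseal share) so the property is enforced by the tool rather than by operator discipline; a single sentence before the `bash` block would cover it.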