Commit Graph

3 Commits

Author SHA1 Message Date
85a781b7a4 NET-WP-0020 finished: attended-ceremony + auto-unseal-transit profiles, greenfield init/unseal proof
T2: greenfield live proof against a fresh uninitialized OpenBao 2.5.5 —
caught and fixed 'bao operator unseal -' not reading stdin (now
'bao write sys/unseal key=-'); init and reseal-replay paths proven.
T3: attended-ceremony selectable — runbook, non-secret ceremony-record
template + validator, and a lab/production deployment profile that blocks
sops-held-automation in console selection, gates, and the init script.
T4: console gate + evidence flags for auto-unseal-transit (Helm seal stanza
prepared in railiance-platform).
Also: SCOPE.md refreshed to current repo state; ad hoc fix for the broken
check-secrets Make target (unescaped $).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 22:08:33 +02:00
5a5eb482d4 docs(NET-WP-0020): T5 automation ready; operator apply is next gate
Update workplan T5 to progress and assessment next-actions for live cluster
apply before WP-0008 warden sign smoke.
2026-06-18 01:06:43 +02:00
6336c28626 docs: persist OpenBao/SSH/bootstrap state assessment in history
Capture live vs greenfield tracks, unseal custody models, console S6
interpretation, repo ownership, and ordered next actions before NET-WP-0020 T5.
2026-06-18 01:01:50 +02:00