|
|
f3147186e9
|
feat(NET-WP-0018-T06): align control surface - refresh console lifecycle_guide T06 DRY-RUN to 0019 orchestrator + new smooth guide
- Updated print_lifecycle_guide in console.py: replaced old manual secret-mkdir steps (pre-0019) with preferred make security-bootstrap-onboarding-dry-run + dry-run-nonroot-user.sh + validate + claims + cleanup. References docs/smooth-bootstrap-guide.md Step 7 + NET-WP-0019.
- Workplan T06 start note + in_progress (alignment per T05 guide + T03 recs; leverages existing 0019 validators/console for passive->validator).
- Pragmatic: progress log, file notes, this commit.
- This makes the printed guide align with T05 consolidated guide, deprecates fragile manual path.
T06 alignment complete for guide/control surface. Next T07 tests (use new guide + 0019 as cases) or T04/T08.
|
2026-06-03 16:59:39 +02:00 |
|
|
|
92bf7d1d1c
|
NET-WP-0019: implement T05 (OIDC claims helper + integration in script/console) and T06 (add dry-run to runbook_payloads for web-ui exposure; cross-link update in 0018 T07). Update workplan notes.
|
2026-06-03 07:10:56 +02:00 |
|
|
|
23af9b0a84
|
NET-WP-0019: fix arg parsing in orchestrator for --cleanup-only early, fix delegate path in console cleanup command.
|
2026-06-03 02:21:22 +02:00 |
|
|
|
140fff6773
|
NET-WP-0019: register T06-adjacent polish workplan + implement core (orchestrator script, safer secret fallback in create-user, console dry-run + cleanup commands, make targets, cross-link from 0017 T06). See workplan file for task status.
|
2026-06-03 02:17:55 +02:00 |
|
|
|
fe052f3a37
|
polish: T06-adjacent improvements to lifecycle flow (add onboarding-dry-run-template + concrete T06 dry-run execution section in lifecycle-guide; wiring for parser/dispatch/status/Makefile for consistency with T05)
|
2026-06-03 02:11:56 +02:00 |
|
|
|
1f0e8490fd
|
NET-WP-0017: implement T05 first user lifecycle operator flow (console template+guide, evidence, validate support, docs integration)
|
2026-06-03 01:55:43 +02:00 |
|
|
|
5e7844debd
|
NET-WP-0017: complete T03 Close Trial Taint And Retire Bootstrap Admin Paths + T04 Harden (evidence, console template, metadata flags, inventories, reviews)
|
2026-06-03 01:50:29 +02:00 |
|
|
|
0ab7c14ec9
|
Add signed custody roster workflow
|
2026-06-02 01:11:42 +02:00 |
|
|
|
31e6d6660f
|
Add NET-WP-0017 T02 closure validator
|
2026-06-02 00:24:18 +02:00 |
|
|
|
cd82285efe
|
Require emergency drill evidence validation
|
2026-06-02 00:08:16 +02:00 |
|
|
|
6bd822ae71
|
Require concrete OpenBao restore evidence
|
2026-06-01 23:57:00 +02:00 |
|
|
|
dc4fe883a5
|
Add OpenBao authenticated proof runbook
|
2026-06-01 22:46:15 +02:00 |
|
|
|
c48e076429
|
Close OpenBao OIDC admin bootstrap path
|
2026-06-01 21:20:53 +02:00 |
|
|
|
ed991860fa
|
Fix interactive MFA repair prompt
|
2026-05-29 03:18:44 +02:00 |
|
|
|
c7b82df267
|
Add KeyCape privacyIDEA token repair flow
|
2026-05-29 03:07:17 +02:00 |
|
|
|
d797ce5b62
|
Improve OpenBao OIDC login callback command
|
2026-05-29 02:31:54 +02:00 |
|
|
|
dafcd329b2
|
Fix OpenBao public route action state
|
2026-05-29 02:22:52 +02:00 |
|
|
|
cac59a37c1
|
openbao and itsec tooling integration
|
2026-05-27 18:56:30 +02:00 |
|
|
|
1edcfbb17d
|
Use helper for OpenBao OIDC auth setup
|
2026-05-26 03:02:08 +02:00 |
|
|
|
59c924bc18
|
Patch KeyCape OpenBao client without bootstrap secrets
|
2026-05-26 02:36:04 +02:00 |
|
|
|
1267df148a
|
Harden KeyCape OpenBao client action
|
2026-05-26 02:22:24 +02:00 |
|
|
|
f3c8d70270
|
Split OpenBao admin identity tasks
|
2026-05-26 02:13:55 +02:00 |
|
|
|
9dc7e140b8
|
Refine OpenBao taint resolution
|
2026-05-26 01:50:57 +02:00 |
|
|
|
500e616202
|
Add OpenBao admin identity stage
|
2026-05-26 01:17:42 +02:00 |
|
|
|
cfd8231849
|
Add OpenBao admin token action
|
2026-05-26 00:23:06 +02:00 |
|
|
|
d0c7ff9f3b
|
Clarify OpenBao rotation flow
|
2026-05-26 00:09:19 +02:00 |
|
|
|
8520ae8d7d
|
Fix OpenBao rotation commands
|
2026-05-25 23:56:55 +02:00 |
|
|
|
d39dbe14b8
|
Add bootstrap stage rail
|
2026-05-25 23:36:45 +02:00 |
|
|
|
cd043ca471
|
Refine bootstrap actions and runbook templates
|
2026-05-25 23:10:02 +02:00 |
|
|
|
82d69e006f
|
Add OpenBao restore drill actions
|
2026-05-25 18:48:23 +02:00 |
|
|
|
e2540529f0
|
Add OpenBao emergency lockdown runbook
|
2026-05-25 18:31:48 +02:00 |
|
|
|
b9bad47a21
|
Split OpenBao initial config progress
|
2026-05-25 15:14:59 +02:00 |
|
|
|
9afe30f49f
|
Show compromised OpenBao paths as tainted
|
2026-05-25 14:57:53 +02:00 |
|
|
|
907675b4f4
|
Track OpenBao post-unseal verification
|
2026-05-25 14:30:57 +02:00 |
|
|
|
d964cf46a3
|
Fix OpenBao unseal command card
|
2026-05-25 13:54:21 +02:00 |
|
|
|
7a060a0ee6
|
Add OpenBao compromise runbooks to bootstrap UI
|
2026-05-25 13:38:03 +02:00 |
|
|
|
976f399342
|
Refine bootstrap responsibilities and command states
|
2026-05-25 13:13:47 +02:00 |
|
|
|
4982c92fb1
|
Restructure bootstrap UI around artefact model
|
2026-05-25 11:49:51 +02:00 |
|
|
|
07c98b564a
|
Show OpenBao ceremony as next action
|
2026-05-25 10:50:24 +02:00 |
|
|
|
e45dd4f9eb
|
Guide OpenBao custody ceremony order
|
2026-05-25 02:02:14 +02:00 |
|
|
|
83cf2111c1
|
Clarify bootstrap custody UI flow
|
2026-05-25 01:25:47 +02:00 |
|
|
|
d555a33695
|
bootstrapping guidance ui and missing stuff
|
2026-05-24 17:04:15 +02:00 |
|
|
|
1d0b0e7330
|
openbao king credential bootstrapping
|
2026-05-24 09:26:02 +02:00 |
|
