# Credential state — net-kingdom SSO/MFA stack
# Safe to commit. Contains no secrets. Updated by agent.
# schema_version: 2 = agent-driven model (NK-WP-0005)
# schema_version: 1 = human-as-operator model (NK-WP-0004, now retired)

schema_version: 2
agent_mode: true               # NK-WP-0005: fully automated

# Phase tracking
age_key_present: true
secrets_generated: true
ops_bundle_created: false      # age-encrypted bundle created
ops_bundle_location: null      # path or storage hint

# Emergency bundle
emergency_bundle_delivered: false   # human confirmed receipt
emergency_bundle_delivered_at: null

# Cluster injection (per-component)
secrets_applied:
  postgres:    false
  lldap:       false
  authelia:    false
  privacyidea: false
  keycape:     false

# Post-apply bootstrap (agent-run when pod is Ready)
enckey_bootstrapped:  false
pi_admin_created:     false

# Derived: all true → bootstrap complete
bootstrap_complete: false