net-kingdom/sso-mfa/bootstrap/creds-state.yaml

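# Credential state — net-kingdom SSO/MFA stack
# Safe to commit. Contains no secrets. Updated by agent.
# schema_version: 2 = agent-driven model (NK-WP-0005)
# schema_version: 1 = human-as-operator model (NK-WP-0004, now retired)
#
# This file records bootstrap progress only: status flags, one file path and
# one timestamp. No key material or passwords are stored here.
# NOTE(review): the flags are written by the agent itself, so anything that
# gates on them should presumably re-check the real state (secret present,
# pod Ready) rather than trust this file alone — confirm against the agent.

schema_version: 2
agent_mode: true  # NK-WP-0005: fully automated

# Phase tracking
age_key_present: true
secrets_generated: true
ops_bundle_created: true
# Location of the ops bundle, not its contents; the .age suffix suggests an
# age-encrypted tar archive.
# NOTE(review): this absolute path exposes a local user name and the bundle
# file name; consider a repo-relative or redacted path if the repo is shared.
ops_bundle_location: "/home/tegwick/net-kingdom/ops-bundle-20260321T114353.tar.age"

# Emergency bundle
emergency_bundle_delivered: true  # human confirmed receipt
# Quoted so the timestamp stays a string instead of being parsed as a date.
emergency_bundle_delivered_at: "2026-03-21T12:09:34+00:00"

# Cluster injection (per-component)
# The component flags are children of secrets_applied. At column 0 the key
# would parse as null and the components would become top-level keys.
secrets_applied:
  postgres: true
  lldap: true
  authelia: true
  privacyidea: true
  keycape: true

# Post-apply bootstrap (agent-run when pod is Ready)
enckey_bootstrapped: true
pi_admin_created: true

# OpenBao init/unseal (NET-WP-0020 T2, sops-held-automation lane only).
# false here because the current cluster's OpenBao was initialized via the
# attended ceremony (NET-WP-00150017), not this automation path. These flip
# to true only when Phase 7b runs on a greenfield rebuild.
# NOTE(review): the work-package id in parentheses above looks like two ids
# fused together — confirm the intended reference.
openbao_initialized: false
openbao_post_unseal_verified: false

# Derived: all true → bootstrap complete
# NOTE(review): both openbao_* flags are false while this is true, so the
# derivation presumably excludes them when OpenBao was initialized by the
# attended ceremony — confirm and state the exact rule here.
bootstrap_complete: true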