generated from coulomb/repo-seed
27 lines
996 B
YAML
27 lines
996 B
YAML
# Credential state — net-kingdom SSO/MFA stack
|
|
# This file is SAFE TO COMMIT. It contains no secrets.
|
|
# Updated automatically by make creds-* targets and sso-mfa/bootstrap/creds-verify.sh.
|
|
#
|
|
# keepass_confirmed is the only field that requires manual operator intervention.
|
|
# Set it to true after you have entered all generated secrets into KeePassXC.
|
|
|
|
generated_at: "2026-03-20T02:57:00+00:00"
|
|
bundle_at: null
|
|
keepass_confirmed: false
|
|
|
|
secrets_applied:
|
|
postgres: false
|
|
lldap: false
|
|
authelia: false
|
|
privacyidea: false
|
|
# keycape requires PI_ADMIN_TOKEN from post-privacyIDEA T04 bootstrap.
|
|
# Run: sso-mfa/k8s/keycape/create-pi-token.sh, then re-run keycape/create-secrets.sh.
|
|
keycape: false
|
|
|
|
# enckey_bootstrapped: set by sso-mfa/k8s/privacyidea/enckey-bootstrap.sh
|
|
# This step is TIME-SENSITIVE — it must run while the privacyIDEA pod is live.
|
|
enckey_bootstrapped: false
|
|
|
|
# pi_admin_created: set after sso-mfa/k8s/privacyidea/bootstrap-admin.sh completes
|
|
pi_admin_created: false
|