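# Credential state — net-kingdom SSO/MFA stack
# Safe to commit. Contains no secrets. Updated by agent.
# Holds only status flags, a timestamp and one file path; key material,
# passwords and tokens must never be written to this file.
# schema_version: 2 = agent-driven model (NK-WP-0005)
# schema_version: 1 = human-as-operator model (NK-WP-0004, now retired)

schema_version: 2
agent_mode: true  # NK-WP-0005: fully automated

# Phase tracking
# These flags record that a step happened; the artifacts themselves are not
# stored in this file.
age_key_present: true
secrets_generated: true
ops_bundle_created: true
# Path to the ops bundle, not its contents.
# NOTE(review): the .tar.age suffix suggests an age-encrypted archive kept
# outside the repository — confirm the bundle itself is never committed.
# NOTE(review): the absolute path exposes a local account name and directory
# layout; confirm that is acceptable for everyone who can read this repo.
ops_bundle_location: "/home/tegwick/net-kingdom/ops-bundle-20260321T114353.tar.age"

# Emergency bundle
emergency_bundle_delivered: true  # human confirmed receipt
emergency_bundle_delivered_at: "2026-03-21T12:09:34+00:00"

# Cluster injection (per-component)
# One flag per component; true means secrets were applied for that component.
secrets_applied:
  postgres: true
  lldap: true
  authelia: true
  privacyidea: true
  keycape: true

# Post-apply bootstrap (agent-run when pod is Ready)
enckey_bootstrapped: true
pi_admin_created: true

# OpenBao init/unseal (NET-WP-0020 T2, sops-held-automation lane only).
# false here because the current cluster's OpenBao was initialized via the
# attended ceremony (NET-WP-0015–0017), not this automation path. These flip
# to true only when Phase 7b runs on a greenfield rebuild.
openbao_initialized: false
openbao_post_unseal_verified: false

# Derived: all true → bootstrap complete
# NOTE(review): this is true while both openbao_* flags above are false, so
# the derivation presumably excludes the OpenBao lane — confirm, otherwise
# the "all true" rule is stale and this flag overstates readiness.
bootstrap_complete: true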