Files
net-kingdom/.claude/rules/stack-and-commands.md
tegwick 9a7d10f840 Repo hygiene: fill stack-and-commands, normalize workplan statuses
- Fill .claude/rules/stack-and-commands.md (was an empty TODO template)
- Normalize workplan frontmatter statuses to canonical vocabulary
  (completed/done -> finished) per ADR-001
- Repair glued frontmatter delimiter in NK-WP-0001 (superseded_by line)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:21:49 +02:00

1.0 KiB

Stack

  • Language: Kubernetes manifests, Bash Make targets, SOPS-encrypted secret custody
  • Key deps: Keycloak (SSO/MFA), age/SOPS, KeePassXC-based credential custody, repo-local git hooks

Dev Commands

make help                  # list all targets
make hooks && make hooks-test          # secrets-guard git hooks
make check-secrets         # fail if anything under secrets/ is unencrypted
make sops-edit FILE=secrets/foo.yaml   # edit encrypted file
make sops-custody-check    # validate custody age key without writing to disk
make sops-custody-run COMMAND='...'    # run one command with temporary custody key
make creds-init            # one-time credential custody setup
make creds-generate        # generate service secrets + KeePassXC guide
make creds-bundle          # age-encrypt ops bundle for offsite storage

Credential material never lands in Git, State Hub, or logs — the hooks and check-secrets enforce this. Deployment of identity services runs through the S2/S5 railiance repos, not from here.