generated from coulomb/repo-seed
WARDEN-WP-0005: OpenBao-first documentation alignment
Document OpenBao as the platform production secrets service while keeping the vault-compatible warden.yaml config shape. Update OpsWardenConfig, SCOPE, and CertCommandInterface cross-references.
This commit is contained in:
63
workplans/WARDEN-WP-0005-openbao-doc-alignment.md
Normal file
63
workplans/WARDEN-WP-0005-openbao-doc-alignment.md
Normal file
@@ -0,0 +1,63 @@
|
||||
---
|
||||
id: WARDEN-WP-0005
|
||||
type: workplan
|
||||
title: "OpsWarden OpenBao-First Documentation Alignment"
|
||||
domain: custodian
|
||||
repo: ops-warden
|
||||
status: finished
|
||||
owner: codex
|
||||
topic_slug: custodian
|
||||
created: "2026-06-17"
|
||||
updated: "2026-06-17"
|
||||
state_hub_workstream_id: "57f6ebf8-0ef3-4686-9a73-3f9d38288be9"
|
||||
---
|
||||
|
||||
# WARDEN-WP-0005 — OpenBao-First Documentation Alignment
|
||||
|
||||
**Scope:** Update ops-warden documentation so production guidance names OpenBao
|
||||
as the platform secrets service while preserving the existing `backend: vault`
|
||||
config surface (Vault-compatible SSH secrets engine API). No code changes.
|
||||
|
||||
**Out of scope:** VaultCA backend rewrite, OpenBao SSH engine deployment in
|
||||
`railiance-platform`, AccessManagementDirective canon updates.
|
||||
|
||||
**Reference:** `RAIL-PL-WP-0002` — Railiance standardizes on OpenBao; ops-warden
|
||||
follow-up noted 2026-05-17.
|
||||
|
||||
---
|
||||
|
||||
## Tasks
|
||||
|
||||
### T1 — OpsWardenConfig.md
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0005-T01
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "bbbc4dda-9634-4c04-86e5-94b96c021b43"
|
||||
```
|
||||
|
||||
- [x] OpenBao-first production section with Railiance URLs and `bao` CLI examples
|
||||
- [x] Explain `backend: vault` / `vault:` keys as Vault-compatible API abstraction
|
||||
- [x] Link to `railiance-platform/docs/openbao.md`
|
||||
|
||||
### T2 — Cross-reference updates
|
||||
|
||||
```task
|
||||
id: WARDEN-WP-0005-T02
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "6391cb82-896e-405a-a59b-36640e6480ba"
|
||||
```
|
||||
|
||||
- [x] `SCOPE.md` Core Idea and In Scope — OpenBao-first, Vault-compatible
|
||||
- [x] `wiki/CertCommandInterface.md` — caller-agnostic wording includes OpenBao
|
||||
|
||||
---
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- [x] Production config example uses OpenBao (`bao.coulomb.social` or in-cluster URL)
|
||||
- [x] No reader is told HashiCorp Vault is the platform standard
|
||||
- [x] `backend: vault` config shape unchanged (code compatibility preserved)
|
||||
- [x] `uv run pytest` still passes (docs-only change)
|
||||
Reference in New Issue
Block a user