generated from coulomb/repo-seed
Promote issue-core-ingestion-api-key and openrouter-llm-connect lanes to active
RAILIANCE-WP-0009 T06 / RAILIANCE-WP-0010 T06 (CCR-2026-0002, CCR-2026-0003): both OpenBao KV paths are live, ESO delivers the Secrets in cluster, and positive/negative access verification is audit-logged. Catalog entries gain concrete zero-placeholder handoffs (exec_capable, resolvable); draft tables and playbook gates updated; routing tests repointed to still-draft lanes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -94,6 +94,8 @@ run the owner's tool as the caller and preserve owner custody.
|
||||
| `railiance-infra-principals` | "railiance-infra deploys host principals" | Run the infra Ansible |
|
||||
| `activity-core-issue-sink` | "activity-core + issue-core own emission — pair `ISSUE_CORE_*` env vars" | See `wiki/playbooks/activity-core-issue-sink.md` |
|
||||
| `inter-hub-bootstrap-ssh` | "Inter-Hub bootstrap SSH envelope — attended vs unattended branches" | See `wiki/InterHubBootstrapAccessLane.md` |
|
||||
| `issue-core-ingestion-api-key` | "railiance-platform OpenBao KV + ESO deliver `ISSUE_CORE_API_KEY` — here is the path" | ESO consumes in-cluster; `warden access issue-core-ingestion-api-key --fetch ISSUE_CORE_API_KEY` as yourself |
|
||||
| `openrouter-llm-connect` | "railiance-platform OpenBao KV + ESO deliver `OPENROUTER_API_KEY` to activity-core" | ESO consumes in-cluster; `warden access openrouter-llm-connect --fetch OPENROUTER_API_KEY` as yourself |
|
||||
|
||||
Promotion criteria: `wiki/playbooks/catalog-lane-promotion.md`.
|
||||
|
||||
@@ -101,8 +103,6 @@ Promotion criteria: `wiki/playbooks/catalog-lane-promotion.md`.
|
||||
|
||||
| Catalog `id` | Routing focus | Playbook |
|
||||
| --- | --- | --- |
|
||||
| `issue-core-ingestion-api-key` | OpenBao KV + ESO for `ISSUE_CORE_API_KEY` | `wiki/playbooks/issue-core-ingestion-api-key.md` |
|
||||
| `openrouter-llm-connect` | OpenRouter key → `llm-connect` in activity-core | `wiki/playbooks/openrouter-llm-connect.md` |
|
||||
| `object-storage-sts` | NK-WP-0007 STS vending path | `wiki/playbooks/object-storage-sts.md` |
|
||||
| `database-dynamic-credentials` | OpenBao database secrets engine | `wiki/playbooks/database-dynamic-credentials.md` |
|
||||
|
||||
@@ -117,7 +117,7 @@ value; the owner remains OpenBao, key-cape, flex-auth, or the routed subsystem.
|
||||
| Request | Correct path |
|
||||
| --- | --- |
|
||||
| "`VAULT_TOKEN` for ops-warden production sign / policy-gate smoke" | `railiance-platform` credential broker — `warden route show ops-warden-warden-sign-token` |
|
||||
| "Populate `OPENROUTER_API_KEY` for llm-connect" | Operator → OpenBao/K8s Secret in `activity-core` namespace |
|
||||
| "Populate `OPENROUTER_API_KEY` for llm-connect" | Operator → OpenBao custody; delivery via `warden route show openrouter-llm-connect` |
|
||||
| "Store Inter-Hub admin key for bootstrap" | Operator → OpenBao or `IHUB_OPERATOR_KEY_FILE` (`CUST-WP-0049`) |
|
||||
| "Give me Vault root token" | Break-glass ceremony → `railiance-platform/docs/openbao.md` |
|
||||
| "S3 credentials for artifact upload" | NK-WP-0007 / artifact-store consumer path |
|
||||
|
||||
Reference in New Issue
Block a user