generated from coulomb/repo-seed
Implement WP-0022 audit trail and WP-0023 INTENT–SCOPE closeout
Add unified metadata-only audit.jsonl with secret-material guard, instrument sign/access/worker paths, and expose warden activity CLI. Surface broker hint when VAULT_TOKEN is unset, refresh INTENT/SCOPE docs, and add production integration checklists plus catalog lane promotion playbook.
This commit is contained in:
@@ -11,6 +11,7 @@ import httpx
|
||||
from warden.ca import CABackend, CAError, _append_signature_log, _enforce_ttl, _evict_cert, parse_cert_metadata
|
||||
from warden.config import VaultConfig
|
||||
from warden.models import CertRecord, CertSpec
|
||||
from warden.vault_hints import missing_vault_token_message
|
||||
|
||||
|
||||
class VaultCA(CABackend):
|
||||
@@ -23,10 +24,7 @@ class VaultCA(CABackend):
|
||||
def _token(self) -> str:
|
||||
token = os.environ.get(self._cfg.token_env, "")
|
||||
if not token:
|
||||
raise CAError(
|
||||
f"Vault token not found. Set the {self._cfg.token_env!r} "
|
||||
f"environment variable, or run: vault login"
|
||||
)
|
||||
raise CAError(missing_vault_token_message(self._cfg.token_env))
|
||||
return token
|
||||
|
||||
def sign(self, spec: CertSpec) -> CertRecord:
|
||||
|
||||
Reference in New Issue
Block a user