coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
36ad7ba00d7b0e86a3e47dfe05b03251bcc448e6
ops-warden/examples/warden.production.example.yaml
tegwick e0adc10896 feat(WP-0008): reassessment, task-status canon, archive hygiene 
- Post-WP-0007 reassessment and SCOPE/README updates
- AGENTS.md + workplan-convention task status canon migration
- examples/warden.production.example.yaml for production OpenBao
- Archive WP-0004 through WP-0007 to workplans/archived/260617-*
- WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
2026-06-17 23:51:12 +02:00

25 lines
633 B
YAML
Raw Blame History

# Non-secret production template — copy to ~/.config/warden/warden.yaml
# Never commit tokens or CA private keys. See wiki/OpsWardenConfig.md
backend: vault
vault:
addr: https://bao.coulomb.social
mount: ssh
role_map:
adm: adm-role
agt: agt-role
atm: atm-role
token_env: VAULT_TOKEN
inventory_path: ~/.config/warden/inventory.yaml
state_dir: ~/.local/state/warden
# Opt-in flex-auth gate — keep false until ssh-certificate policies exist
policy:
enabled: false
flex_auth_url: http://127.0.0.1:8080
fail_closed: true
tenant: tenant:platform
subject_env: WARDEN_POLICY_SUBJECT
system: ops-warden
Reference in New Issue View Git Blame Copy Permalink