generated from coulomb/repo-seed
Add credential routing, actor patterns, security map, OpenBao SSH checklist, and policy-gated signing design. Update registry and SCOPE; record INTENT↔SCOPE reassessment (C3 completeness).
1.5 KiB
Repo boundary
This repo owns ops-warden only. It does not own:
| Concern | Owner |
|---|---|
| Tunnel lifecycle, cert_command wiring in tunnels | ops-bridge |
| Host SSH principal files, force-command wrappers | railiance-infra |
| Vault/OpenBao cluster deployment and unseal ceremony | railiance-platform |
| Inter-Hub operator API keys, provider API keys (e.g. OpenRouter) | OpenBao / operator secret store |
| State Hub service code and consistency tooling | state-hub |
| Workstream coordination across custodian domain | the-custodian |
| Human admin SSH key generation | self-service (ssh-keygen) |
| Identity / OIDC / MFA | key-cape, Keycloak |
| Authorization policy | flex-auth |
| Runtime secrets (non-SSH) | OpenBao |
NetKingdom credential routing (quick reference)
| Worker need | Route to | ops-warden |
|---|---|---|
| SSH cert for host/ops access | ops-warden | Issue (warden sign) |
| API key / DB cred / lease | OpenBao | Document only — wiki/CredentialRouting.md |
| May I perform action X? | flex-auth | Design: wiki/PolicyGatedSigning.md |
| Login / MFA / OIDC | key-cape / Keycloak | Document only |
| SSH tunnel | ops-bridge | cert_command consumer |
| Host principals | railiance-infra | Document only |
Full map: wiki/NetKingdomSecurityMap.md.
ops-warden issues short-lived SSH certificates and maintains operational access stewardship docs. It is not a general secrets manager and must not store long-lived API keys in Git, State Hub, workplans, logs, or chat.