generated from coulomb/repo-seed
Add credential routing, actor patterns, security map, OpenBao SSH checklist, and policy-gated signing design. Update registry and SCOPE; record INTENT↔SCOPE reassessment (C3 completeness).
33 lines
1.5 KiB
Markdown
33 lines
1.5 KiB
Markdown
## Repo boundary
|
|
|
|
This repo owns **ops-warden** only. It does not own:
|
|
|
|
| Concern | Owner |
|
|
|---------|-------|
|
|
| Tunnel lifecycle, `cert_command` wiring in tunnels | `ops-bridge` |
|
|
| Host SSH principal files, force-command wrappers | `railiance-infra` |
|
|
| Vault/OpenBao cluster deployment and unseal ceremony | `railiance-platform` |
|
|
| Inter-Hub operator API keys, provider API keys (e.g. OpenRouter) | OpenBao / operator secret store |
|
|
| State Hub service code and consistency tooling | `state-hub` |
|
|
| Workstream coordination across custodian domain | `the-custodian` |
|
|
| Human admin SSH key generation | self-service (`ssh-keygen`) |
|
|
| Identity / OIDC / MFA | `key-cape`, Keycloak |
|
|
| Authorization policy | `flex-auth` |
|
|
| Runtime secrets (non-SSH) | OpenBao |
|
|
|
|
## NetKingdom credential routing (quick reference)
|
|
|
|
| Worker need | Route to | ops-warden |
|
|
|-------------|----------|------------|
|
|
| SSH cert for host/ops access | ops-warden | Issue (`warden sign`) |
|
|
| API key / DB cred / lease | OpenBao | Document only — `wiki/CredentialRouting.md` |
|
|
| May I perform action X? | flex-auth | Design: `wiki/PolicyGatedSigning.md` |
|
|
| Login / MFA / OIDC | key-cape / Keycloak | Document only |
|
|
| SSH tunnel | ops-bridge | cert_command consumer |
|
|
| Host principals | railiance-infra | Document only |
|
|
|
|
Full map: `wiki/NetKingdomSecurityMap.md`.
|
|
|
|
ops-warden issues **short-lived SSH certificates** and maintains **operational
|
|
access stewardship docs**. It is not a general secrets manager and must not
|
|
store long-lived API keys in Git, State Hub, workplans, logs, or chat. |