railiance-fabric/fabric/dependencies/artifact-store-object-storage-runtime-secrets.yaml

apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
  id: artifact-store.object-storage.needs-runtime-secrets
  name: artifact-store runtime secrets dependency
  owner: artifact-store
  repo: artifact-store
  domain: railiance
spec:
  lifecycle: planned
  environments: [dev, staging, prod]
  consumer_service_id: artifact-store.storage-service
  requires:
    capability_type: runtime-secrets
  interface:
    type: openbao-kv-v2-mount
    version_constraint: ">=v1 <v2"
  auth:
    method: kubernetes_service_account
  criticality: high
  data_classification: secret
  fallback:
    mode: none
    description: Credential vending needs a protected source for signing and backend secrets.