Propose OpenBao automation delegation

2026-06-28 00:44:23 +02:00
parent f92d07d5a1
commit 0e3ea30c75
2 changed files with 234 additions and 0 deletions


@@ -125,6 +125,23 @@ path: platform/workloads/whynot-design/whynot-design/npm-publish
field: NPM_AUTH_TOKEN
```
In the OpenBao UI, open the `platform` KV engine and create or edit the secret
at:
```text
workloads/whynot-design/whynot-design/npm-publish
```
For policies and API checks, the same KV-v2 secret is addressed as:
```text
platform/data/workloads/whynot-design/whynot-design/npm-publish
platform/metadata/workloads/whynot-design/whynot-design/npm-publish
```
The OpenBao UI path does not include the `data/` or `metadata/` segment. Those
segments are the KV-v2 API and ACL policy paths.
The value must be entered directly through OpenBao/operator custody. Record only
non-secret evidence: actor, timestamp, path, field name, policy name, and
verification result.
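Review bot: The sentence introducing `platform/data/...` and `platform/metadata/...` ("For policies and API checks") lists both API paths without saying which capability each one needs, so a reader writing the policy is likely to grant both to the consumer. Suggest stating it per path, for example that the workflow reading `NPM_AUTH_TOKEN` needs only `read` on `platform/data/workloads/whynot-design/whynot-design/npm-publish`, and that the `platform/metadata/...` path is for whoever inspects or manages versions. The context line `path: platform/workloads/...` at the top of the hunk is a third spelling of the same location (mount name included, no `data/`), so one sentence tying that form to the UI and API forms would remove the ambiguity. In the last paragraph, "verification result" is not defined: say what the check is and that it must not display the value, for instance confirming that the secret exists and which version is current via the metadata path rather than reading the data path.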