Add OpenBao restore evidence validator
@@ -294,6 +294,13 @@ days; it is suitable for interface wiring and setup validation only. Railiance
|
||||
still owns the OpenBao file audit device and PVC, while production retention,
|
||||
tenant policy, and tamper-evident archive belong to Audit Core.
|
||||
|
||||
**2026-06-01:** Added a non-secret OpenBao restore-drill evidence template and
|
||||
`make openbao-validate-restore-evidence`. The validator requires concrete
|
||||
review evidence such as snapshot hashes, encrypted snapshot location, isolated
|
||||
restore completion, unseal/status/test-secret verification, isolated
|
||||
environment destruction, and a `no_secret_material_recorded` assertion. This
|
||||
keeps `NET-WP-0017-T02` from relying on a bare UI checkbox for restore proof.
|
||||
|
||||
### T07 - Cross-Repo Transition Tasks
|
||||
|
||||
```task
|
||||
|
||||
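Review bot: The added 2026-06-01 paragraph introduces the required evidence with "such as", so a reader cannot tell which fields `make openbao-validate-restore-evidence` actually enforces; name the evidence template's path and the exact required keys in this entry, or link to them. The same paragraph describes `no_secret_material_recorded` as an assertion: state whether the validator also rejects evidence values that look like unseal keys or tokens, because a self-declared flag on its own is only a small step up from the bare UI checkbox this entry says `NET-WP-0017-T02` should no longer rely on.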