Reject placeholder OpenBao drill evidence
@@ -272,8 +272,8 @@ Before any live application secrets move into OpenBao:
|
||||
custody. The drill must prove that a fresh OpenBao instance can restore the
|
||||
snapshot, unseal, and read a test secret.
|
||||
Record only non-secret evidence using
|
||||
`docs/openbao-restore-drill-evidence.example.json` as a template, then
|
||||
validate it with:
|
||||
`docs/openbao-restore-drill-evidence.example.json` as a template, replace
|
||||
every placeholder with real drill evidence, then validate it with:
|
||||
|
||||
```bash
|
||||
make openbao-validate-restore-evidence \
|
||||
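Review bot: the added clause "replace every placeholder with real drill evidence" drops the "non-secret" qualifier that the sentence opens with ("Record only non-secret evidence"), so a reader skimming the new wording could take "real" to include unseal material or the test secret's value. Suggest "replace every placeholder with real, non-secret drill evidence". The paragraph should also state what `make openbao-validate-restore-evidence` does when a template value is left in place. The commit title says placeholders are rejected, but the visible text only tells the operator to replace them and does not say the validation fails otherwise.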
@@ -324,8 +324,8 @@ Audit Core archive exists.
|
||||
|
||||
Emergency seal/unseal drills are disruptive and must only run in an attended
|
||||
window with threshold unseal shares available. Record non-secret drill evidence
|
||||
using `docs/openbao-emergency-drill-evidence.example.json` as a template, then
|
||||
validate it with:
|
||||
using `docs/openbao-emergency-drill-evidence.example.json` as a template,
|
||||
replace every placeholder with real drill evidence, then validate it with:
|
||||
|
||||
```bash
|
||||
make openbao-validate-emergency-evidence \
|
||||
|
||||
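Review bot: the reworded sentence beginning "Record non-secret drill evidence using `docs/openbao-emergency-drill-evidence.example.json` as a template," now chains three actions (copy the template, replace placeholders, validate) with commas, and nothing in it defines what counts as a placeholder. Suggest splitting it into short numbered steps and naming the placeholder convention used in the example JSON, so an operator working in an attended seal/unseal window can tell when the file is complete. As this wording duplicates the restore-drill paragraph, consider putting the placeholder rule in one place and referring to it from both.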