RAILIANCE-WP-0009/0010 T07: credential lane lifecycle runbook

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 14:52:08 +02:00
parent f803bf167b
commit 38c6b11103
3 changed files with 117 additions and 2 deletions

@@ -249,7 +249,7 @@ Acceptance:
```task
id: RAILIANCE-WP-0009-T07
status: wait
status: done
priority: medium
state_hub_task_id: "c85d1139-1f7d-4ed4-a2fc-5ea4ecbdf0c6"
```
@@ -293,3 +293,16 @@ the field-set decision to keep `ISSUE_CORE_API_KEY` and `GITEA_BACKEND_TOKEN`.
`/openbao/audit/openbao-audit.log`.
- T06 progress: front-door handoff sent to ops-warden (State Hub message
`5d47caaa-dd3f-496f-94ba-a488722f8d82`); waiting on catalog confirmation.
## T07 completed 2026-07-02
Lifecycle operations documented in
`docs/credential-lane-lifecycle-runbook.md`: the canonical per-action
procedure is generated by `scripts/credential-change.py lifecycle-plan
<CCR> --action {deactivate|rotate|compromise}`, and the runbook adds the
lane-specific consumer facts (materialized-Secret persistence, second
consumers, restart requirements, provider-side revocation for the OpenRouter
key) plus the post-rotate verification contract. Front-door disable comes
first in every action; audit evidence is never deleted; values stay in
OpenBao/operator custody.
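
Review bot: The parenthetical in the added T07 paragraph lists "provider-side revocation for the OpenRouter key" as a lane-specific consumer fact, but the context lines in this workplan name only `ISSUE_CORE_API_KEY` and `GITEA_BACKEND_TOKEN`. The same paragraph is added word for word to the other workplan, so a reader cannot tell which facts belong to which lane. Suggest trimming each note to the items that apply to its own lane, or stating that the runbook covers both lanes and pointing at the section relevant to this one. It would also help to say where the post-rotate verification evidence is recorded, so the `status: done` change can be checked against the acceptance criteria.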

@@ -263,7 +263,7 @@ Acceptance:
```task
id: RAILIANCE-WP-0010-T07
status: wait
status: done
priority: medium
state_hub_task_id: "130155a5-e0f9-49f8-ba27-b48098746f02"
```
@@ -326,3 +326,16 @@ activity-core-owner); T01 closes on that approval with the
llm-connect instance on the railiance01 k3s cluster still consumes its
bootstrap-provisioned Secret; migrating it is railiance01-cluster work, not
part of CCR-2026-0003.
## T07 completed 2026-07-02
Lifecycle operations documented in
`docs/credential-lane-lifecycle-runbook.md`: the canonical per-action
procedure is generated by `scripts/credential-change.py lifecycle-plan
<CCR> --action {deactivate|rotate|compromise}`, and the runbook adds the
lane-specific consumer facts (materialized-Secret persistence, second
consumers, restart requirements, provider-side revocation for the OpenRouter
key) plus the post-rotate verification contract. Front-door disable comes
first in every action; audit evidence is never deleted; values stay in
OpenBao/operator custody.
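
Review bot: The context directly above this added section says the llm-connect instance on the railiance01 k3s cluster still consumes its bootstrap-provisioned Secret and that migrating it is not part of CCR-2026-0003, yet the T07 note lists "second consumers" without saying whether that instance is one of them. For `--action rotate` and `--action compromise` this matters, because a consumer holding a separately provisioned copy may keep using the old value after the lane itself has been rotated. Suggest naming that instance explicitly here, with either the runbook step that covers it or a statement that it is out of scope and where it is tracked.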