Add OpenBao emergency drill evidence validator
@@ -301,6 +301,14 @@ restore completion, unseal/status/test-secret verification, isolated
environment destruction, and a `no_secret_material_recorded` assertion. This
keeps `NET-WP-0017-T02` from relying on a bare UI checkbox for restore proof.
**2026-06-01:** Added the matching non-secret emergency seal/unseal drill
evidence template and `make openbao-validate-emergency-evidence`. The validator
requires an attended seal/unseal evidence file with timing, sealed-state proof,
unseal quorum availability, post-unseal verification, availability-window
duration, and `no_secret_material_recorded`. The validator does not run the
disruptive drill; it only checks the evidence captured after the attended
operation.
### T07 - Cross-Repo Transition Tasks
```task
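
Review bot: The added 2026-06-01 paragraph lists `no_secret_material_recorded` as a required field but does not say whether `make openbao-validate-emergency-evidence` only checks that the assertion is present or also inspects the evidence file for content that looks like unseal key shares or tokens. A self-attested flag is weak proof on its own, so the entry should state which of the two the validator does. The paragraph also omits the path of the evidence template and the task the drill evidence satisfies, whereas the preceding paragraph ties restore proof to `NET-WP-0017-T02`; naming both would let a reader locate the file the validator expects. The closing sentence, that the validator "does not run the disruptive drill", is worth keeping as is, since it makes clear the make target is safe to run outside an attended window.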