feat: complete credential broker source flow

This commit is contained in:
2026-06-27 00:29:53 +02:00
parent 2268a9375e
commit 673ec46e25
7 changed files with 853 additions and 52 deletions

View File

@@ -1,5 +1,5 @@
version: 1
updated: "2026-06-26"
updated: "2026-06-27"
owner_repo: railiance-platform
owner_domain: financials
workplan_id: RAILIANCE-WP-0005
@@ -73,6 +73,7 @@ grants:
- exec-env
- response-wrap
- local-token-file
- kubernetes-auth
preferred: exec-env
denied:
- chat
@@ -90,6 +91,16 @@ grants:
local_token_file:
directory: .local/credential-leases
mode: "0600"
kubernetes_auth:
mount: auth/kubernetes
role: credential-broker-warden-sign
audience: openbao
service_account_names:
- credential-broker
- ops-warden-smoke
namespaces:
- openbao
- ops-warden
audit:
openbao_audit_required: true
state_hub_metadata_allowed: true