feat: complete credential broker source flow
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
version: 1
|
||||
updated: "2026-06-26"
|
||||
updated: "2026-06-27"
|
||||
owner_repo: railiance-platform
|
||||
owner_domain: financials
|
||||
workplan_id: RAILIANCE-WP-0005
|
||||
@@ -73,6 +73,7 @@ grants:
|
||||
- exec-env
|
||||
- response-wrap
|
||||
- local-token-file
|
||||
- kubernetes-auth
|
||||
preferred: exec-env
|
||||
denied:
|
||||
- chat
|
||||
@@ -90,6 +91,16 @@ grants:
|
||||
local_token_file:
|
||||
directory: .local/credential-leases
|
||||
mode: "0600"
|
||||
kubernetes_auth:
|
||||
mount: auth/kubernetes
|
||||
role: credential-broker-warden-sign
|
||||
audience: openbao
|
||||
service_account_names:
|
||||
- credential-broker
|
||||
- ops-warden-smoke
|
||||
namespaces:
|
||||
- openbao
|
||||
- ops-warden
|
||||
audit:
|
||||
openbao_audit_required: true
|
||||
state_hub_metadata_allowed: true
|
||||
|
||||
Reference in New Issue
Block a user