Record credential broker delivery proof
@@ -238,7 +238,7 @@ and completed without manual token paste. T04 is `done`.
|
||||
|
||||
```task
|
||||
id: RAILIANCE-WP-0005-T05
|
||||
status: wait
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "66f3cd6d-7520-4584-90b8-672866ef3490"
|
||||
```
|
||||
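Review bot: on the `status:` line of RAILIANCE-WP-0005-T05 the block moves from `wait` straight to `done`, although the prose further down this file already described T05 as `progress`, so the task block and the narrative were out of step before this change. Update the task block in the same commit as the narrative whenever the status moves, so that tooling reading the block by `state_hub_task_id` does not see a different state than a reader of the text.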
@@ -270,6 +270,16 @@ approved issuer token.
|
||||
`response-wrap`, `local-token-file`, and `kubernetes-auth` still need live
|
||||
evidence. T05 is `progress`.
|
||||
|
||||
**2026-07-01 follow-up:** Completed the remaining delivery-mode proof. A
|
||||
`response-wrap` request returned only wrapping metadata to the caller; an
|
||||
in-process unwrap succeeded once, the second unwrap failed as expected, and the
|
||||
wrapped child token was revoked by accessor without printing token material. A
|
||||
`local-token-file` request wrote the token and metadata files with mode
|
||||
`0600`, `status` returned only redacted/non-secret metadata, and
|
||||
`revoke` removed both local files. `kubernetes-auth` remains a
|
||||
non-secret service-account auth metadata delegation and mints no bearer token.
|
||||
T05 is `done`.
|
||||
|
||||
## T06 - Integrate KeyCape identity and agent subject binding
|
||||
|
||||
```task
|
||||
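Review bot: the added follow-up paragraph closes T05 without stating any live observation for `kubernetes-auth`. The unchanged lines just above list it among the modes that "still need live evidence", while the new text only says it "remains a non-secret service-account auth metadata delegation and mints no bearer token", which describes the design rather than a run. Either record what was observed for that mode, or state explicitly that it is exempt from the live-proof requirement and why. The paragraph also points to no artifact for the `response-wrap` and `local-token-file` runs; a reference to the redacted log or test run would let a later reader verify the single-use unwrap, the revoke by accessor and the `0600` file modes.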
@@ -357,7 +367,7 @@ now ranks the broker lane first. Live smoke already proven via
|
||||
|
||||
```task
|
||||
id: RAILIANCE-WP-0005-T09
|
||||
status: wait
|
||||
status: progress
|
||||
priority: high
|
||||
state_hub_task_id: "78d1db83-12fb-4ac2-95eb-54c91ac125b5"
|
||||
```
|
||||
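Review bot: the `status: wait` to `status: progress` change on RAILIANCE-WP-0005-T09 is outside what the commit subject ("Record credential broker delivery proof") covers. Mention the T09 transition in the commit message or move it to its own commit, so the history of this task can be found without reading the T05 proof commit.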
@@ -385,7 +395,7 @@ negative live mint checks can be collected.
|
||||
|
||||
```task
|
||||
id: RAILIANCE-WP-0005-T10
|
||||
status: wait
|
||||
status: progress
|
||||
priority: medium
|
||||
state_hub_task_id: "44ce4082-fa8f-44d0-8f86-172d14ecfb0e"
|
||||
```
|
||||
|
||||
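Review bot: the status line of RAILIANCE-WP-0005-T10 moves to `progress` with no accompanying text in this hunk, whereas T05 gets a dated follow-up paragraph explaining its transition. Add a short dated line under T10 saying what unblocked it, so the `wait` to `progress` change is backed by a stated reason in the file itself.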