Added OpenBao secrets management and phase-out of Bitnami for CloudNative PG
12
SCOPE.md
@@ -22,7 +22,8 @@ Railiance is structured as five independent repos per OAS Stack layer. This repo
- PostgreSQL via CloudNative PG operator (cnpg) — operator deployed, `databases` namespace active
- Valkey / Redis-compatible cache as a standalone Helm release (to be extracted from S2)
- Secret management infrastructure
- Secret management infrastructure (OpenBao as the platform service,
SOPS/age for Git-at-rest bootstrap material)
- Identity services integration point (with net-kingdom)
- Message brokers (RabbitMQ, similar)
- Object storage (MinIO / S3-compatible)
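Review bot: the commit message claims a phase-out of Bitnami for CloudNative PG, but this hunk leaves the `PostgreSQL via CloudNative PG operator (cnpg)` line untouched and nothing else in the diff mentions Bitnami; either record the Bitnami phase-out in the scope text (for example on the cnpg bullet) or narrow the commit message to the OpenBao scope change it actually makes. On the new secret-management bullet, the parenthetical is split across two lines (`(OpenBao as the platform service,` / `SOPS/age for Git-at-rest bootstrap material)`); indent the continuation line so Markdown renders it as part of the same list item rather than a stray paragraph.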
@@ -111,10 +112,17 @@ description: S3-compatible object storage service (MinIO) for artifact storage,
keywords: [minio, s3, object-storage, storage, artifacts, backup]
```
```capability
type: security
title: OpenBao platform secrets service
description: Canonical S3 secrets service for runtime secrets, dynamic credentials, audit, and future workload integrations. SOPS/age remains the bootstrap mechanism for Git-at-rest secrets.
keywords: [openbao, secrets, vault-compatible, secret-management, dynamic-credentials, audit, kubernetes-auth]
```
---
## Getting Oriented
- Start with: `CLAUDE.md` (session protocol, boundary rules)
- Key files / directories: `workplans/RAIL-PL-WP-0001-platform-baseline.md`, `helm/` (platform Helm charts), `Makefile`
- Key files / directories: `workplans/RAIL-PL-WP-0001-platform-baseline.md`, `workplans/RAIL-PL-WP-0002-openbao-platform-secrets-service.md`, `helm/` (platform Helm charts), `docs/openbao.md`, `Makefile`
- Pre-conditions: railiance-cluster (S2) converged with k3s running; cluster backup verified before migration steps (`sudo make backup` in railiance-cluster)
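Review bot: "Canonical S3 secrets service" in the new OpenBao capability block is ambiguous, because the MinIO entry directly above uses "S3" to mean S3-compatible object storage; if S3 here means the OAS Stack layer (the repo text calls railiance-cluster "S2"), spell it out as the layer name so the line is not read as an S3-backed secrets store. The description also says SOPS/age remains the bootstrap mechanism, but the Pre-conditions line in Getting Oriented still lists only the k3s convergence and cluster backup; add the OpenBao-specific pre-conditions (where the SOPS/age bootstrap material lives and what must exist before the service is initialised) or point to the section of `docs/openbao.md` that covers them, so the new workplan `RAIL-PL-WP-0002-openbao-platform-secrets-service.md` has a stated starting state.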