Record OpenBao authenticated verifier proof
This commit is contained in:
@@ -276,6 +276,16 @@ through the local shell at all. Durable audit shipping beyond the audit PVC
|
|||||||
remains intentionally open until a tested sink is selected; State Hub notes and
|
remains intentionally open until a tested sink is selected; State Hub notes and
|
||||||
hashes are evidence, not retained audit custody.
|
hashes are evidence, not retained audit custody.
|
||||||
|
|
||||||
|
**2026-06-01:** Ran the authenticated verifier against the live pod token
|
||||||
|
helper immediately after a fresh `bao login -no-print -method=oidc
|
||||||
|
-path=keycape role=platform-admin` browser/MFA flow. The verifier passed:
|
||||||
|
OpenBao is unsealed on `2.5.4`, `bao audit list` shows `file/`,
|
||||||
|
`bao secrets list` shows `platform/`, `bao auth list` shows `kubernetes/` and
|
||||||
|
`keycape/`, and `/openbao/audit/openbao-audit.log` grew from 7969 bytes to
|
||||||
|
23330 bytes during the check. No token value was printed or copied into the
|
||||||
|
workplan. The cached verifier token was then revoked with
|
||||||
|
`bao token revoke -self`.
|
||||||
|
|
||||||
### T07 - Cross-Repo Transition Tasks
|
### T07 - Cross-Repo Transition Tasks
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|||||||
Reference in New Issue
Block a user