Correct whynot credential tenant path

2026-06-28 01:00:12 +02:00
parent ad47a136f7
commit eb24e04b71
10 changed files with 67 additions and 48 deletions
--- a/scripts/openbao-apply-workload-kv-lanes.sh
+++ b/scripts/openbao-apply-workload-kv-lanes.sh
@@ -19,7 +19,7 @@ Applies source-owned OpenBao workload KV read-lane policies.

 Current lane:
  - policy: workload-kv-read-whynot-design-npm-publish
-  - path:   platform/workloads/whynot-design/whynot-design/npm-publish
+  - path:   platform/workloads/coulomb/whynot-design/npm-publish
  - field:  NPM_AUTH_TOKEN

 The script reads an OpenBao operator token from OPENBAO_TOKEN_FILE or an
@@ -131,7 +131,7 @@ Remaining live steps:
  1. Confirm the whynot-design KeyCape/NetKingdom bound claim or service account.
  2. Create auth/netkingdom/role/whynot-design-workload-kv-read with only the
     workload-kv-read-whynot-design-npm-publish policy.
-  3. Provision platform/workloads/whynot-design/whynot-design/npm-publish with
+  3. Provision platform/workloads/coulomb/whynot-design/npm-publish with
     field NPM_AUTH_TOKEN through approved OpenBao/operator custody.
  4. Run positive and negative fetch verification without printing the token.
 NEXT