coulomb/railiance-platform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47 Commits 1 Branch 0 Tags
423eccc8e99fb7ac56a1fbde7b3fa77a7f2a000f
Commit Graph

12 Commits

Author SHA1 Message Date
tegwick
423eccc8e9 feat(openbao): enable bao.coulomb.social ingress and Traefik middlewares 
Expose OpenBao UI via TLS ingress with rate-limit and HSTS middlewares.
Track netkingdom OIDC mount in authenticated verify checks.
 2026-06-18 01:23:02 +02:00
tegwick
7838df6069 fix(openbao): complete SSH apply script for OpenBao 2.5.x issuers 
Generate default CA via ssh/config/ca, split composite KUBECTL for role writes,
read pubkey from config/ca, allow warden key_id in roles, prefer production kubeconfig.
 2026-06-18 01:18:56 +02:00
tegwick
c24956fb5a feat(openbao): add SSH engine automation for ops-warden signing 
Declarative roles, warden-sign policy, apply/verify scripts, and Makefile
targets openbao-configure-ssh and openbao-verify-ssh. Document operator flow
in docs/openbao.md for NET-WP-0020 T5 / WP-0008 T2.
 2026-06-18 01:06:43 +02:00
tegwick
18c1b86498 Reject placeholder OpenBao drill evidence 2026-06-02 02:02:09 +02:00
tegwick
606a5f3e1e Add OpenBao emergency drill evidence validator 2026-06-02 00:08:17 +02:00
tegwick
123b9aafce Add OpenBao restore evidence validator 2026-06-01 23:57:00 +02:00
tegwick
5e4040d43d Add OpenBao authenticated readiness verifier 2026-06-01 22:46:14 +02:00
tegwick
087bb91b86 Configure OpenBao file audit declaratively 2026-06-01 22:12:23 +02:00
tegwick
3a5f9f58e9 Clean up OpenBao config rerun output 2026-05-25 15:57:24 +02:00
tegwick
b76e9101d8 Tolerate declarative OpenBao audit setup 2026-05-25 15:14:41 +02:00
tegwick
3741294b05 Treat sealed OpenBao preflight as expected 2026-05-25 10:49:29 +02:00
tegwick
a7ffeb8b46 Platform secret setup 2026-05-23 13:59:58 +02:00