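---
# Credential change request (CCR): read lane for the llm-connect OpenRouter
# provider key, served from OpenBao workload KV via Kubernetes auth and
# materialized into the activity-core namespace by External Secrets.
#
# NOTE(review): the source was collapsed onto a single line (unparseable as
# YAML because of the embedded ": " sequences); the nesting below is
# reconstructed from key order. Nesting of `activation_conditions` (top-level
# vs. under `verification`) was ambiguous — confirm against the CCR schema.
id: CCR-2026-0003
kind: credential-change-request
schema_version: 1
request_type: workload-kv-read
title: "llm-connect OpenRouter provider key lane"
# Lifecycle state of this request; nothing below is applied while `proposed`.
status: proposed
created: "2026-06-27"
updated: "2026-06-27"

requester:
  agent: ops-warden
  # Same batch message id is recorded under state_hub for traceability.
  message_id: "fe5b1696-8956-4bd5-9d6f-dbde1901a076"
  reason: "Confirm and provision the llm-connect OpenRouter workload KV lane requested in the ops-warden batch."

review:
  required: true
  # Two-party approval: platform side plus the owning tenant.
  required_approvers:
    - platform-operator
    - activity-core-owner
  comments: []

target:
  domain: financials
  tenant: activity-core
  workload: llm-connect
  environment: production
  purpose: "llm-connect provider access through OpenBao workload KV and External Secrets"

openbao:
  mount: platform
  # KV path the policy must scope to. NOTE(review): if `platform` is a KV v2
  # mount, the HCL policy path needs the `data/` segment
  # (platform/data/workloads/activity-core/...) and should grant `read` only;
  # the policy file referenced below is not visible here — verify before apply.
  kv_path: platform/workloads/activity-core/llm-connect/llm-connect-provider-secrets
  # Only this field is in scope; any other key at the same path is out of scope.
  fields:
    - OPENROUTER_API_KEY
  policy_name: workload-kv-read-llm-connect-provider-secrets
  policy_file: openbao/policies/workload-kv-read-llm-connect-provider-secrets.hcl
  auth:
    method: kubernetes
    mount: kubernetes
    role: llm-connect-provider-secrets-read
    # Presumably rendered as the Kubernetes auth role's
    # bound_service_account_names / bound_service_account_namespaces — confirm.
    # A role bound to `*` in either list would widen this lane to the whole
    # cluster; the negative verification below depends on both being exact.
    bound_claims:
      service_account_names:
        - llm-connect
      service_account_namespaces:
        - activity-core
    # Gate for apply: stays false until the SA/namespace binding is confirmed
    # (see risk.notes and activation_conditions).
    bound_claims_confirmed: false
    policies:
      - workload-kv-read-llm-connect-provider-secrets
    # Token TTL issued on Kubernetes-auth login; kept short so a leaked token
    # expires quickly. NOTE(review): consider whether a max TTL is also set on
    # the role — not visible here.
    ttl: 15m

access_frontdoor:
  type: ops-warden
  catalog_id: llm-connect-openrouter-api-key
  selector: "llm-connect OpenRouter API key"
  # NOTE(review): `--fetch OPENROUTER_API_KEY` reads the field through
  # ops-warden; risk.notes requires reads to be proxied as the caller and the
  # value never retained, and verification.positive requires the value is not
  # printed. Confirm the command's output handling satisfies both before
  # `resolvable` is flipped to true.
  command: "warden access llm-connect-openrouter-api-key --fetch OPENROUTER_API_KEY"
  resolvable: false
  readiness: template
  activation: "draft-until-ccr-verified"

delivery:
  surface: external-secrets
  # External Secrets materializes a Kubernetes Secret in activity-core.
  # NOTE(review): that copy is guarded by namespace RBAC on secrets, not by
  # the OpenBao policy; verification.negative only covers the OpenBao path.
  # Also, the External Secrets store presumably reads OpenBao with its own
  # identity rather than the llm-connect SA — confirm which auth role it uses.
  target: "Secret llm-connect-provider-secrets in the activity-core namespace"

risk:
  classification: high
  notes:
    - "Grants read access to the provider key used by llm-connect for OpenRouter requests."
    - "The Kubernetes service account and namespace binding must be confirmed before apply."
    - "ops-warden must proxy reads as the caller and must not retain token values."

verification:
  positive:
    - "Approved llm-connect service account can read field OPENROUTER_API_KEY through OpenBao or External Secrets without printing the value."
  negative:
    - "A service account outside the approved activity-core/llm-connect binding cannot read the path."

# All must hold before status moves past `proposed`.
activation_conditions:
  - "Policy applied with platform-admin/operator authority."
  - "Kubernetes auth role bound to the confirmed llm-connect service account and namespace."
  - "Secret value provisioned directly in OpenBao through approved operator custody."
  - "Positive and negative verification recorded with non-secret audit ids or timestamps."

lifecycle:
  deactivate: "Disable ops-warden catalog entry and remove or detach auth role policy."
  rotate: "Replace OPENROUTER_API_KEY directly in OpenBao and record non-secret rotation evidence."
  # Rotation alone does not invalidate a Secret already synced by External
  # Secrets until it re-syncs; account for that lag in the blast-radius notes.
  compromised: "Immediately deactivate access front door, rotate the provider key, record blast-radius notes, and open incident follow-up tasks."

state_hub:
  workplan_id: RAILIANCE-WP-0007
  ops_warden_batch_message_id: "fe5b1696-8956-4bd5-9d6f-dbde1901a076"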