- CCR-2026-0002/0003: frontdoor_activation evidence recorded, status active, readiness ready/resolvable (ops-warden catalog promotion commit 364eb7d) - WP-0009/0010 T06 done; both workplans finished - WP-0005 T10 closed on acceptance (fast path, break-glass, routing truth consistent); phase-2 readonly-diagnostics grant deferred as follow-up - WP-0005 T07 stays wait: flex-auth lacks a credential-grant authorization surface (capability request sent, State Hub message 893ff109) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
135 lines
5.9 KiB
YAML
135 lines
5.9 KiB
YAML
id: CCR-2026-0003
|
|
kind: credential-change-request
|
|
schema_version: 1
|
|
request_type: workload-kv-read
|
|
title: llm-connect OpenRouter provider key lane
|
|
status: active
|
|
created: '2026-06-27'
|
|
updated: '2026-07-02'
|
|
requester:
|
|
agent: ops-warden
|
|
message_id: fe5b1696-8956-4bd5-9d6f-dbde1901a076
|
|
reason: Confirm and provision the llm-connect OpenRouter workload KV lane requested
|
|
in the ops-warden batch.
|
|
review:
|
|
required: true
|
|
required_approvers:
|
|
- platform-operator
|
|
- activity-core-owner
|
|
comments:
|
|
- at: '2026-07-01T22:12:00+00:00'
|
|
reviewer: codex
|
|
decision: selector_aligned_to_ops_warden_catalog
|
|
comment: ops-warden registry/routing/catalog.yaml and wiki/playbooks/openrouter-llm-connect.md
|
|
define openrouter-llm-connect as the draft OpenRouter/llm-connect route. Updated
|
|
CCR access_frontdoor metadata to use that canonical selector; approval and live
|
|
apply remain pending.
|
|
- at: '2026-06-29T22:53:03+00:00'
|
|
reviewer: codex
|
|
decision: metadata_review_binding_confirmed_pending_owner_approval
|
|
comment: Live cluster metadata on 2026-06-30 confirms namespace activity-core
|
|
exists and the External Secrets operator service account external-secrets/external-secrets
|
|
exists. The proposed llm-connect service account does not exist; the llm-connect
|
|
Deployment currently uses the default service account. Updated the proposed
|
|
OpenBao auth binding to the platform ESO pattern with role external-secrets-activity-core.
|
|
No activity-core ExternalSecret exists yet; a namespace-limited ClusterSecretStore
|
|
source manifest was added for future rollout. Keep CCR status proposed until
|
|
platform/operator and activity-core-owner approval.
|
|
- at: '2026-07-02T09:59:54+00:00'
|
|
reviewer: bernd.worsch
|
|
decision: approved
|
|
comment: 'Approved in chat (Claude Code coached-approvals session, 2026-07-02)
|
|
acting as all required approvers: platform-operator, activity-core-owner.'
|
|
target:
|
|
domain: financials
|
|
tenant: activity-core
|
|
workload: llm-connect
|
|
environment: production
|
|
purpose: llm-connect provider access through OpenBao workload KV and External Secrets
|
|
openbao:
|
|
mount: platform
|
|
kv_path: platform/workloads/activity-core/llm-connect/llm-connect-provider-secrets
|
|
fields:
|
|
- OPENROUTER_API_KEY
|
|
policy_name: workload-kv-read-llm-connect-provider-secrets
|
|
policy_file: openbao/policies/workload-kv-read-llm-connect-provider-secrets.hcl
|
|
auth:
|
|
method: kubernetes
|
|
mount: kubernetes
|
|
role: external-secrets-activity-core
|
|
bound_claims:
|
|
service_account_names:
|
|
- external-secrets
|
|
service_account_namespaces:
|
|
- external-secrets
|
|
bound_claims_confirmed: true
|
|
policies:
|
|
- workload-kv-read-llm-connect-provider-secrets
|
|
ttl: 15m
|
|
access_frontdoor:
|
|
type: ops-warden
|
|
catalog_id: openrouter-llm-connect
|
|
selector: llm-connect OpenRouter API key
|
|
command: warden access openrouter-llm-connect --fetch OPENROUTER_API_KEY
|
|
resolvable: true
|
|
readiness: ready
|
|
activation: verified-positive-and-negative-access-frontdoor-active-2026-07-02
|
|
delivery:
|
|
surface: external-secrets
|
|
target: ExternalSecret to Secret llm-connect-provider-secrets in the activity-core
|
|
namespace
|
|
risk:
|
|
classification: high
|
|
notes:
|
|
- Grants read access to the provider key used by llm-connect for OpenRouter requests
|
|
through the platform External Secrets path.
|
|
- The Kubernetes auth subject is the External Secrets operator service account external-secrets/external-secrets,
|
|
with ClusterSecretStore usage limited to the activity-core namespace.
|
|
- ops-warden must proxy reads as the caller and must not retain token values.
|
|
verification:
|
|
positive:
|
|
- An approved activity-core ExternalSecret can sync field OPENROUTER_API_KEY to
|
|
Secret llm-connect-provider-secrets without printing the value.
|
|
- The llm-connect runtime can consume the resulting Kubernetes Secret without exposing
|
|
values.
|
|
negative:
|
|
- A namespace outside the approved ClusterSecretStore condition cannot use this
|
|
store to read the path.
|
|
- A service account outside external-secrets/external-secrets cannot authenticate
|
|
through the External Secrets OpenBao role.
|
|
activation_conditions:
|
|
- Policy applied with platform-admin/operator authority.
|
|
- Kubernetes auth role bound to external-secrets/external-secrets for the activity-core
|
|
External Secrets delivery path.
|
|
- Secret value provisioned directly in OpenBao through approved operator custody.
|
|
- Positive and negative verification recorded with non-secret audit ids or timestamps.
|
|
evidence:
|
|
- at: '2026-07-02T10:08:00+00:00'
|
|
actor: bernd.worsch
|
|
kind: delegated_metadata_apply
|
|
result: passed
|
|
details:
|
|
- Delegated metadata applier ran as bernd.worsch using local bao CLI ambient authority.
|
|
- 'Policy metadata write: sys/policies/acl/workload-kv-read-llm-connect-provider-secrets'
|
|
- 'Auth role metadata write: auth/kubernetes/role/external-secrets-activity-core'
|
|
- No secret values were read, written, printed, or accepted in argv.
|
|
- at: '2026-07-02T18:49:08+00:00'
|
|
actor: railiance-platform
|
|
kind: frontdoor_activation
|
|
result: passed
|
|
details:
|
|
- 'ops-warden promoted catalog id openrouter-llm-connect to status active (ops-warden
|
|
commit 364eb7d, reviewed 2026-07-02): entry is exec_capable and resolvable with
|
|
zero-placeholder handoff; ops-warden proxies reads as the caller and holds no
|
|
provider key value. Promotion followed positive/negative verification recorded
|
|
2026-07-02.'
|
|
lifecycle:
|
|
deactivate: Disable ops-warden catalog entry and remove or detach auth role policy.
|
|
rotate: Replace OPENROUTER_API_KEY directly in OpenBao and record non-secret rotation
|
|
evidence.
|
|
compromised: Immediately deactivate access front door, rotate the provider key,
|
|
record blast-radius notes, and open incident follow-up tasks.
|
|
state_hub:
|
|
workplan_id: RAILIANCE-WP-0007
|
|
ops_warden_batch_message_id: fe5b1696-8956-4bd5-9d6f-dbde1901a076
|