Propose OpenBao automation delegation
parent f92d07d5a1
commit 0e3ea30c75
2 changed files with 234 additions and 0 deletions
|
|
@ -125,6 +125,23 @@ path: platform/workloads/whynot-design/whynot-design/npm-publish
|
|||
field: NPM_AUTH_TOKEN
|
||||
```
|
||||
|
||||
In the OpenBao UI, open the `platform` KV engine and create or edit the secret
|
||||
at:
|
||||
|
||||
```text
|
||||
workloads/whynot-design/whynot-design/npm-publish
|
||||
```
|
||||
|
||||
For policies and API checks, the same KV-v2 secret is addressed as:
|
||||
|
||||
```text
|
||||
platform/data/workloads/whynot-design/whynot-design/npm-publish
|
||||
platform/metadata/workloads/whynot-design/whynot-design/npm-publish
|
||||
```
|
||||
|
||||
The OpenBao UI path does not include the `data/` or `metadata/` segment. Those
|
||||
segments are the KV-v2 API and ACL policy paths.
|
||||
|
||||
The value must be entered directly through OpenBao/operator custody. Record only
|
||||
non-secret evidence: actor, timestamp, path, field name, policy name, and
|
||||
verification result.
|
||||
|
|
|
|||
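Review bot: The added sentence "For policies and API checks, the same KV-v2 secret is addressed as:" lists the `platform/data/...` and `platform/metadata/...` paths together without saying which operation each one covers, so a reader writing the ACL policy may grant both by default. Consider adding one line stating that reading the `NPM_AUTH_TOKEN` field goes through the `data/` path, while the `metadata/` path covers listing and version metadata, so that a consumer policy can be limited to `read` on the `data/` path. In the last added paragraph, "path" in the evidence list is now ambiguous because the text introduces three forms of the same path (UI, `data/`, `metadata/`); name the form that should be recorded so audit entries stay comparable.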