Add credential approval workflow plan
This commit is contained in:
parent
9d42c73833
commit
85a4278a55
8 changed files with 1103 additions and 0 deletions
|
|
@ -0,0 +1,13 @@
|
|||
# Least-privilege read policy for the whynot-design npm publish token.
|
||||
#
|
||||
# This policy intentionally grants only read access to the single KV-v2 secret
|
||||
# path used by ops-warden's caller-scoped access lane. It does not grant list
|
||||
# access to sibling workloads or mutation capabilities.
|
||||
|
||||
path "platform/data/workloads/whynot-design/whynot-design/npm-publish" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "platform/metadata/workloads/whynot-design/whynot-design/npm-publish" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue