Record OpenBao authenticated verifier proof
This commit is contained in:
parent
5e4040d43d
commit
c0c6ead5dd
1 changed files with 10 additions and 0 deletions
|
|
@ -276,6 +276,16 @@ through the local shell at all. Durable audit shipping beyond the audit PVC
|
||||||
remains intentionally open until a tested sink is selected; State Hub notes and
|
remains intentionally open until a tested sink is selected; State Hub notes and
|
||||||
hashes are evidence, not retained audit custody.
|
hashes are evidence, not retained audit custody.
|
||||||
|
|
||||||
|
**2026-06-01:** Ran the authenticated verifier against the live pod token
|
||||||
|
helper immediately after a fresh `bao login -no-print -method=oidc
|
||||||
|
-path=keycape role=platform-admin` browser/MFA flow. The verifier passed:
|
||||||
|
OpenBao is unsealed on `2.5.4`, `bao audit list` shows `file/`,
|
||||||
|
`bao secrets list` shows `platform/`, `bao auth list` shows `kubernetes/` and
|
||||||
|
`keycape/`, and `/openbao/audit/openbao-audit.log` grew from 7969 bytes to
|
||||||
|
23330 bytes during the check. No token value was printed or copied into the
|
||||||
|
workplan. The cached verifier token was then revoked with
|
||||||
|
`bao token revoke -self`.
|
||||||
|
|
||||||
### T07 - Cross-Repo Transition Tasks
|
### T07 - Cross-Repo Transition Tasks
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue