Support activity-core ISSUE_CORE_API_KEY ExternalSecret on railiance01
All checks were successful
CI Smoke / host-smoke (push) Successful in 0s
CI Smoke / container-smoke (push) Successful in 3s

Switch openbao-activity-core ClusterSecretStore to interim coulombcore
token auth like forgejo/reuse, broaden the activity-core ESO policy to
include the shared issue-core runtime path, and document ESO-managed rotation.
This commit is contained in:
tegwick 2026-07-08 00:04:59 +02:00
parent a323b7e04d
commit e36694648a
4 changed files with 43 additions and 14 deletions

View file

@ -0,0 +1,21 @@
# External Secrets Operator policy for the activity-core namespace.
#
# Covers:
# - llm-connect provider secrets (OPENROUTER_API_KEY)
# - shared issue-core ingestion key for activity-core IssueSink emission
path "platform/data/workloads/activity-core/llm-connect/llm-connect-provider-secrets" {
capabilities = ["read"]
}
path "platform/metadata/workloads/activity-core/llm-connect/llm-connect-provider-secrets" {
capabilities = ["read"]
}
path "platform/data/workloads/issue-core/issue-core/issue-core-runtime" {
capabilities = ["read"]
}
path "platform/metadata/workloads/issue-core/issue-core/issue-core-runtime" {
capabilities = ["read"]
}