|
creds-audit: enforce per-site credential consolidation (SEC-009); prevents the DC0/DC1 spread
SEC-009 established "all site secrets live in ~/<site>-creds/" but nothing enforced it, and it had two blind spots: VM-minted secrets (no forcing function to consolidate -- office1-netbox's sandbox NetBox token went un-consolidated until needed) and silent sprawl (a loose *.env in ~ had no detector). Standing up DC0/DC1 multiplies both. Built (operator-directed): - creds-manifests/<site>.manifest -- declares exactly the secrets a site must hold, each with mode + provenance (local, or <vm>:<path> for the VM-minted class). vr1-office1.manifest seeded (11 entries); the live folder audits CLEAN. - scripts/creds-audit.sh <site> -- verifies the live ~/<site>-creds/ against the manifest (0700 folder, declared modes, present, non-empty), flags UNDECLARED files, and scans the home root for SPRAWL. Reads NO secret values (metadata only; harness T7 asserts no cat/head/tail/od/xxd). CREDS_ROOT/MANIFEST_DIR overrides for testing. - tests/creds-audit/run-tests.sh (7/7) -- missing VM-secret, wrong mode, undeclared file, home-root sprawl, non-0700 folder, metadata-only. Auto-discovered by gauntlet. - dc-dc-phase3 GATE -- non-negotiable close-out: consolidate + manifest each secret AT MINT TIME, and creds-audit $DC must be CLEAN before a DC is declared done. - security-ledger SEC-009 ENFORCEMENT note. Verified: harness 7/7; live creds-audit vr1-office1 -> CLEAN (also tool-confirms the sandbox-token gap is closed); gauntlet ALL GREEN (59); repo-lint 0 fail. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_015WgVrZE2ryY9aXP7JiBuwj |
|---|
|
|
| creds-manifests/vr1-office1.manifest 0 → 100644 |
|---|
| docs/changelog-20260715-creds-audit.md 0 → 100644 |
|---|
| docs/security-ledger.md |
|---|
| runbooks/dc-dc-phase3-maas-enlist-deploy.md |
|---|
| scripts/creds-audit.sh 0 → 100755 |
|---|
| tests/creds-audit/run-tests.sh 0 → 100755 |
|---|