Inventory quartet and initial leases
20
20-identity/leases/op-console-mac.md
Normal file
@@ -0,0 +1,20 @@
|
||||
# Lease: op-console-mac
|
||||
|
||||
## Grant
|
||||
|
||||
- Lease type: device (console)
|
||||
- Issued to role: operator
|
||||
- Issued at (UTC):
|
||||
- Expires at (UTC):
|
||||
- Revoked at (UTC):
|
||||
|
||||
## Scope
|
||||
|
||||
- Permits: physical and local access required to operate `op-core-vm`.
|
||||
- Forbids: treating the host OS as a source of trust.
|
||||
|
||||
## Rotation / revocation
|
||||
|
||||
- Revoke: remove local access, rotate any credentials that could have been exposed, and rebuild `op-core-vm` if integrity is in doubt.
|
||||
- Verify: confirm operator access is only possible from a trusted, rebuilt core.
|
||||
|
||||
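Review bot: In the Grant section, `Issued at (UTC):`, `Expires at (UTC):` and `Revoked at (UTC):` are committed with no values, so the file records a grant to the operator role with no start and no expiry, and a reader cannot tell an active lease from an unissued template. Either fill in the issue and expiry timestamps in this commit, or mark the empty fields explicitly (for example "not yet issued" and "not revoked") and state the expected timestamp format. In the Rotation / revocation section, the Verify bullet says to confirm that operator access is only possible from a trusted, rebuilt core but does not say what is checked or where the result is recorded; a short line naming the check would make the step auditable. The Revoke bullet's condition "if integrity is in doubt" would also benefit from a note on who makes that call.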