vaultsovereign/vm-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
chore/ops-docs-drift-2025-12-27
vm-ops/20-identity/roles/witness.md
vaultsovereign 901444a6d5 Inventory quartet and initial leases
2025-12-17 15:54:20 +00:00

413 B
Raw Permalink Blame History

Role: witness

Purpose

Observe and confirm (alerts, read-only checks, second-factor confirmations).

Scope

  • Allowed: read-only verification and confirmations.
  • Forbidden: provisioning and configuration changes.

Allowed origins

  • op-witness-phone only.

Rotation / revocation

  • Revoke: remove device access and rotate any linked factors.
  • Prove: record the action in 70-audits/reports/.
Reference in New Issue View Git Blame Copy Permalink