vaultsovereign/vm-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e1fd9886e812fd39132e98a309afd2a72d0e158a
vm-ops/20-identity/roles/operator.md
vaultsovereign 901444a6d5 Inventory quartet and initial leases
2025-12-17 15:54:20 +00:00

411 B
Raw Blame History

Role: operator

Purpose

Execute critical operational actions from the core boundary.

Scope

  • Allowed: provisioning, configuration, recovery, decommission.
  • Forbidden: ad-hoc changes outside op-core-vm.

Allowed origins

  • op-core-vm only.

Rotation / revocation

  • Revoke: invalidate leases, rotate credentials, and sever device trust.
  • Prove: record the action in 70-audits/reports/.
Reference in New Issue View Git Blame Copy Permalink