vm-ops/00-doctrine/identity-law.md
2025-12-17 15:13:19 +00:00

Identity Law

Principles

  • Operate via roles, not personalities.
  • Issue access as leases (time-bound, revocable), never as permanent grants.
  • Prefer short-lived credentials over long-lived secrets.
  • Public keys are safe to store; private keys are not.

In-repo boundaries

  • Role definitions live in 20-identity/roles/.
  • Policies and intent live in 20-identity/policies/.
  • Leases (who/what has access, until when) live in 20-identity/leases/.
  • Public keys live in 20-identity/keys/public/.
  • Private keys and plaintext secrets never live in this repo.

Required properties (revocation)

Every identity mechanism must support:

  1. Revoke: shut it off quickly.
  2. Rotate: replace it predictably.
  3. Prove: show what changed and when.

If a mechanism lacks any of these three properties, it does not belong in the core.
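The following is an added illustration of the lease model and the three required properties above; it is not code from this repo, and the data model, field names, lease-id scheme and hash-chained event log are assumptions made for the example. It shows a lease that is time-bound by construction, a revoke that takes effect immediately, a rotate that issues the replacement before revoking the old lease (so a rotated role never has a gap), and an append-only, hash-chained event log that lets an auditor prove what changed and when.

```python
"""Minimal lease registry demonstrating revoke, rotate and prove.
Added example, not part of the repo; the data model, field names,
lease-id scheme and log layout are assumptions for illustration."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Lease:
    lease_id: str
    role: str                        # roles, not personalities
    subject: str                     # the workload or person holding the role
    issued_at: datetime
    expires_at: datetime             # time-bound: every lease carries an expiry
    revoked_at: Optional[datetime] = None
    replaces: Optional[str] = None   # set when this lease was issued by a rotation

    def is_active(self, now: datetime) -> bool:
        """A lease is active only inside its window and before any revocation."""
        if self.revoked_at is not None and now >= self.revoked_at:
            return False
        return self.issued_at <= now < self.expires_at


class LeaseRegistry:
    def __init__(self) -> None:
        self.leases: dict[str, Lease] = {}
        # Append-only, hash-chained event log: this is the "prove" property.
        self.events: list[dict] = []
        self._counter = 0

    def _record(self, kind: str, lease: Lease, at: datetime) -> None:
        prev = self.events[-1]["digest"] if self.events else "0" * 64
        body = {"kind": kind, "lease_id": lease.lease_id, "role": lease.role,
                "subject": lease.subject, "at": at.isoformat(), "prev": prev}
        body["digest"] = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.events.append(body)

    def issue(self, role: str, subject: str, now: datetime, ttl: timedelta,
              replaces: Optional[str] = None) -> Lease:
        self._counter += 1
        lease = Lease(f"lease-{self._counter}", role, subject, now, now + ttl,
                      replaces=replaces)
        self.leases[lease.lease_id] = lease
        self._record("issue", lease, now)
        return lease

    def revoke(self, lease_id: str, now: datetime) -> Lease:
        """Revoke: takes effect at `now`; idempotent so repeats are harmless."""
        lease = self.leases[lease_id]
        if lease.revoked_at is None:
            lease.revoked_at = now
            self._record("revoke", lease, now)
        return lease

    def rotate(self, lease_id: str, now: datetime, ttl: timedelta) -> Lease:
        """Rotate: issue the replacement first, then revoke the old lease."""
        old = self.leases[lease_id]
        new = self.issue(old.role, old.subject, now, ttl, replaces=old.lease_id)
        self.revoke(old.lease_id, now)
        return new

    def active_for(self, role: str, now: datetime) -> list[str]:
        """Subjects currently holding `role`; what an enforcement point would consult."""
        return sorted(l.subject for l in self.leases.values()
                      if l.role == role and l.is_active(now))

    def verify_log(self) -> bool:
        """Prove: recompute the chain; any edited or dropped event breaks it."""
        prev = "0" * 64
        for ev in self.events:
            if ev["prev"] != prev:
                return False
            body = {k: v for k, v in ev.items() if k != "digest"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != ev["digest"]:
                return False
            prev = ev["digest"]
        return True


def demo() -> dict:
    """Constructed scenario: two holders of one role, a revoke, a rotation, expiry."""
    t0 = datetime(2025, 12, 17, 15, 0, tzinfo=timezone.utc)
    reg = LeaseRegistry()
    a = reg.issue("vm-operator", "ci-runner-7", t0, timedelta(hours=1))
    b = reg.issue("vm-operator", "alice", t0, timedelta(hours=1))
    reg.revoke(b.lease_id, t0 + timedelta(minutes=5))
    c = reg.rotate(a.lease_id, t0 + timedelta(minutes=30), timedelta(hours=1))
    return {
        "at_issue": reg.active_for("vm-operator", t0 + timedelta(minutes=1)),
        "after_revoke": reg.active_for("vm-operator", t0 + timedelta(minutes=10)),
        "after_rotate": reg.active_for("vm-operator", t0 + timedelta(minutes=31)),
        "after_expiry": reg.active_for("vm-operator", t0 + timedelta(hours=2)),
        "rotated_from": c.replaces,
        "events": [e["kind"] for e in reg.events],
        "log_ok": reg.verify_log(),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The enforcement point only ever asks `active_for(role, now)`, so revocation and expiry need no push to consumers; and because `rotate` issues before it revokes, the subject keeps the role throughout. The log stores only public facts about leases (never key material), which is consistent with the rule that private keys and plaintext secrets stay out of the repo.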