vaultsovereign/vm-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fd589024177e60389128de0c0f793f182daa8366
vm-ops/20-identity/roles/operator.md
vaultsovereign 901444a6d5 Inventory quartet and initial leases
2025-12-17 15:54:20 +00:00

411 B
Raw Blame History

Role: operator

Purpose

Execute critical operational actions from the core boundary.

Scope

  • Allowed: provisioning, configuration, recovery, decommission.
  • Forbidden: ad-hoc changes outside op-core-vm.

Allowed origins

  • op-core-vm only.

Rotation / revocation

  • Revoke: invalidate leases, rotate credentials, and sever device trust.
  • Prove: record the action in 70-audits/reports/.
Reference in New Issue View Git Blame Copy Permalink