gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 17:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
shankar0123
2026-05-05 18:18:29 +00:00
parent 7c5cc57d75
commit 75097909e9
71 changed files with 95 additions and 771 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/operator/performance-baselines.md
+1 -1
View File
@@ -97,7 +97,7 @@ After any of:
- Connection pool config change
- Changing the renewal scheduler interval
Capture timing in `cowork/loadtest-baselines/<date>.md` so future regressions surface against a real baseline rather than the operator's gut feeling.
Capture timing in your own loadtest-baselines log so future regressions surface against a real baseline rather than the operator's gut feeling.
## Related docs
docs/operator/runbooks/cloud-targets.md
+1 -1
View File
@@ -318,7 +318,7 @@ az monitor activity-log list \
## V3-Pro forward path
Tracked at `cowork/WORKSPACE-ROADMAP.md` under "Adapter hardening":
Tracked under "Adapter hardening" on the project roadmap:
- **AWS CloudFront direct-attach** — UpdateDistribution after an ACM
ImportCertificate so the CloudFront edge picks up the new cert
docs/operator/runbooks/disaster-recovery.md
+1 -1
View File
@@ -238,7 +238,7 @@ remains trusted by relying parties until its `notAfter` (typical
openssl x509 -in new-cert -noout -issuer
```
**Future:** when the HSM/PKCS#11 driver bundle (`cowork/hsm-pkcs11-
**Future:** when the HSM/PKCS#11 driver bundle (planned;
driver-prompt.md`) ships, this rotation procedure changes
substantially — the HSM-backed key never moves, only the cert wrap
rotates. The signer interface seam is the load-bearing prerequisite
docs/operator/runbooks/expiry-alerts.md
+1 -1
View File
@@ -217,7 +217,7 @@ dedup on the `notification_events` table guards against that).
## V3-Pro forward path
Tracked at `cowork/WORKSPACE-ROADMAP.md` under "Adapter hardening":
Tracked under "Adapter hardening" on the project roadmap:
- Per-owner / per-team / per-tenant channel routing (the matrix is
per-policy today, not per-owner).
docs/operator/tls.md
+1 -1
View File
@@ -156,7 +156,7 @@ Same three controls as CLI, env-var-driven only (no flags — MCP runs as a stdi
- `CERTCTL_SERVER_CA_BUNDLE_PATH` optional CA bundle
- `CERTCTL_SERVER_TLS_INSECURE_SKIP_VERIFY` optional skip
Claude Desktop / other MCP client configs should set all three in the tool's env block.
MCP-client configs should set all three in the tool's env block.
## Troubleshooting: fail-loud preflight errors