certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 15:51:30 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
shankar0123	9a7e818f3e	docs, seed: cloud-target operator runbook + AWS ACM / Azure KV demo seed rows Wraps up Rank 5 of the 2026-05-03 Infisical deep-research deliverable (commits `edf6bee` AWS + `8a56a78` Azure): - docs/runbook-cloud-targets.md — sysadmin-grade flowchart spanning the AWS ACM + Azure Key Vault deploy paths side-by-side. Covers minimum IAM policy / RBAC role JSON, IRSA + AKS workload-identity recipes, manual rollback recovery procedures (aws acm import-certificate / az keyvault certificate import), CloudTrail + Activity Log forensics queries for "who wrote to this ARN / vault cert", Prometheus cardinality + cost budget, and the V3-Pro forward path (CloudFront / Front Door direct-attach, ALB / App Gateway auto-bind, soft-delete recovery, GCP CM). - migrations/seed_demo.sql — two new demo target rows (tgt-aws- acm-prod + tgt-azure-kv-prod) so QA can exercise the per-cloud wiring end-to-end against the demo seed without standing up real cloud accounts. cowork/WORKSPACE-ROADMAP.md (sibling-folder, not in this commit's diff) was updated to mark the V2 AWS ACM + Azure KV connectors as shipped and document the V3-Pro CloudFront / Front Door direct-attach + App Gateway auto-bind + soft-delete recovery + GCP CM follow-on items. cowork/infisical-deep-research-results.md (sibling-folder) Part 5 Rank 5 marked CLOSED with both commit SHAs. Doc-only commit. No code changes. Verified locally: - go test -short -count=1 ./internal/connector/target/awsacm/... ./internal/connector/target/azurekv/... green. - markdown lint clean against the Bundle 8 + Rank 4 runbook templates.	2026-05-03 22:46:29 +00:00

shankar0123

9a7e818f3e

docs, seed: cloud-target operator runbook + AWS ACM / Azure KV demo seed rows

Wraps up Rank 5 of the 2026-05-03 Infisical deep-research deliverable
(commits edf6bee AWS + 8a56a78 Azure):

  - docs/runbook-cloud-targets.md — sysadmin-grade flowchart spanning
    the AWS ACM + Azure Key Vault deploy paths side-by-side. Covers
    minimum IAM policy / RBAC role JSON, IRSA + AKS workload-identity
    recipes, manual rollback recovery procedures (aws acm
    import-certificate / az keyvault certificate import), CloudTrail
    + Activity Log forensics queries for "who wrote to this ARN /
    vault cert", Prometheus cardinality + cost budget, and the
    V3-Pro forward path (CloudFront / Front Door direct-attach,
    ALB / App Gateway auto-bind, soft-delete recovery, GCP CM).
  - migrations/seed_demo.sql — two new demo target rows (tgt-aws-
    acm-prod + tgt-azure-kv-prod) so QA can exercise the per-cloud
    wiring end-to-end against the demo seed without standing up
    real cloud accounts.

cowork/WORKSPACE-ROADMAP.md (sibling-folder, not in this commit's
diff) was updated to mark the V2 AWS ACM + Azure KV connectors as
shipped and document the V3-Pro CloudFront / Front Door direct-attach
+ App Gateway auto-bind + soft-delete recovery + GCP CM follow-on
items.

cowork/infisical-deep-research-results.md (sibling-folder) Part 5
Rank 5 marked CLOSED with both commit SHAs.

Doc-only commit. No code changes.

Verified locally:
- go test -short -count=1 ./internal/connector/target/awsacm/...
  ./internal/connector/target/azurekv/...  green.
- markdown lint clean against the Bundle 8 + Rank 4 runbook templates.

2026-05-03 22:46:29 +00:00

1 Commits