mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 17:41:29 +00:00
9a7e818f3e
Wraps up Rank 5 of the 2026-05-03 Infisical deep-research deliverable (commits edf6bee AWS + 8a56a78 Azure):

- docs/runbook-cloud-targets.md — sysadmin-grade flowchart spanning the AWS ACM + Azure Key Vault deploy paths side-by-side. Covers minimum IAM policy / RBAC role JSON, IRSA + AKS workload-identity recipes, manual rollback recovery procedures (aws acm import-certificate / az keyvault certificate import), CloudTrail + Activity Log forensics queries for "who wrote to this ARN / vault cert", Prometheus cardinality + cost budget, and the V3-Pro forward path (CloudFront / Front Door direct-attach, ALB / App Gateway auto-bind, soft-delete recovery, GCP CM).

- migrations/seed_demo.sql — two new demo target rows (tgt-aws-acm-prod + tgt-azure-kv-prod) so QA can exercise the per-cloud wiring end-to-end against the demo seed without standing up real cloud accounts.

cowork/WORKSPACE-ROADMAP.md (sibling-folder, not in this commit's diff) was updated to mark the V2 AWS ACM + Azure KV connectors as shipped and document the V3-Pro CloudFront / Front Door direct-attach + App Gateway auto-bind + soft-delete recovery + GCP CM follow-on items.

cowork/infisical-deep-research-results.md (sibling-folder) Part 5 Rank 5 marked CLOSED with both commit SHAs.

Doc-only commit. No code changes.

Verified locally:
- go test -short -count=1 ./internal/connector/target/awsacm/... ./internal/connector/target/azurekv/... green.
- markdown lint clean against the Bundle 8 + Rank 4 runbook templates.