docs: project docs, scripts, deployment configs, and evidence
This commit is contained in:
@@ -0,0 +1,37 @@
|
||||
# Secret Boundary Drill
|
||||
|
||||
- Generated at: 2026-03-24 10:41:28 +08:00
|
||||
- Source DB: D:\project\data\user_management.db
|
||||
- Isolated DB: D:\project\docs\evidence\ops\2026-03-24\secret-boundary\20260324-104122\user_management.secret-boundary.db
|
||||
- Isolated config: D:\project\docs\evidence\ops\2026-03-24\secret-boundary\20260324-104122\config.secret-boundary.yaml
|
||||
|
||||
## Template Validation
|
||||
|
||||
- config template jwt.secret blank: True
|
||||
- config template postgresql.password blank: True
|
||||
- config template mysql.password blank: True
|
||||
- forbidden placeholders removed from configs/config.yaml: True
|
||||
- .gitignore protects local JWT key files: True
|
||||
- .gitignore protects .env files: True
|
||||
|
||||
## Runtime Injection Validation
|
||||
|
||||
- Startup path: UMS_CONFIG_PATH + UMS_JWT_ALGORITHM + UMS_JWT_SECRET
|
||||
- Synthetic JWT algorithm injected: HS256
|
||||
- Synthetic JWT secret length: 45
|
||||
- GET /health: pass
|
||||
- GET /health/ready: pass
|
||||
- GET /api/v1/auth/capabilities: {"password":true,"email_code":false,"sms_code":false,"password_reset":false,"oauth_providers":[]}
|
||||
|
||||
## Scope Note
|
||||
|
||||
- This drill proves the repo-level secret boundary and environment injection path are executable locally.
|
||||
- It does not prove external secrets manager, KMS rotation, or CI/CD environment delivery evidence.
|
||||
|
||||
## Evidence Files
|
||||
|
||||
- server.stdout.log
|
||||
- server.stderr.log
|
||||
- capabilities.json
|
||||
- config.secret-boundary.yaml
|
||||
|
||||
Reference in New Issue
Block a user