40f7e7e4c0
docs(#354): Add comprehensive OpenBao integration guide
ci/woodpecker/push/woodpecker Pipeline failed
Complete documentation for OpenBao Transit encryption covering setup,
architecture, production hardening, and operations.

Sections:
- Overview: Why OpenBao, Transit encryption explained
- Architecture: Data flow diagrams, fallback behavior
- Default Setup: Turnkey auto-init/unseal, file locations
- Environment Variables: Configuration options
- Transit Keys: Named keys, rotation procedures
- Production Hardening: 10-point security checklist
- Operations: Health checks, manual procedures, monitoring
- Troubleshooting: Common issues and solutions
- Disaster Recovery: Backup/restore procedures

Key Topics:
- Shamir key splitting upgrade (1-of-1 → 3-of-5)
- TLS configuration for production
- Audit logging enablement
- HA storage backends (Raft/Consul)
- External auto-unseal with KMS
- Rate limiting via reverse proxy
- Network isolation best practices
- Key rotation procedures
- Backup automation

Closes #354
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-07 16:16:51 -06:00