HOWTO: Bootstrap Vault and Seed Platform Secrets
Vault is the secrets backbone for the HybridOps platform: the source from which every module, pipeline, and automation job draws credentials at runtime. This HOWTO covers Vault initialisation and unseal, KV secrets engine setup, AppRole auth configuration for the HyOps CLI and Jenkins, and the initial credential seeding that makes the first module run possible. Vault is bootstrapped once; after that, it is managed by the platform lifecycle module.
What this covers:
- Vault initialisation, unseal key distribution, and root token revocation after bootstrap
- KV v2 secrets engine layout aligned with HybridOps module and platform naming conventions
- AppRole auth configuration for HyOps CLI and Jenkins with least-privilege policy binding