Status: Proposal — not implemented. Builds on the encrypted-volumes node master key / key-wrapping hierarchy (read that first). Subsumes the `edge secret set` verb and `edge_secrets` table referenced by the edge proposal.
Separates two conflated problems with intentionally different mechanisms:
- Class A — startup credentials (DB password, TLS client cert, API key needed before first request). Threat is at rest. Answer: encrypted storage with automatic unsealing.
- Class B — ambient API credentials (Stripe key, Grafana token, GitHub token a workload uses but need not hold). Answer: a credential broker that authenticates the caller, applies policy, and proxies the call or issues a short-lived scoped token — so a compromised workload can't exfiltrate a long-lived key.
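
The Class B idea, as an added sketch that is not code from the proposal or the Capsule project: a broker keeps the long-lived upstream key and hands a workload only a short-lived token bound to one scope. The `Broker` class, the `POLICY` table, the workload and scope names, and the 300-second cap are all assumptions, and the caller's identity is assumed to be authenticated before `issue` is called.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical policy: workload identity -> scopes it may request.
POLICY = {"billing-worker": {"stripe:charges.read"}}
MAX_TTL = 300  # assumed upper bound on token lifetime, in seconds


class Broker:
    def __init__(self, signing_key: bytes, upstream_key: str):
        self._signing_key = signing_key
        self._upstream_key = upstream_key  # long-lived key; never leaves the broker

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self._signing_key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, workload: str, scope: str, ttl: int, now=None) -> str:
        """Mint a scoped token for an already-authenticated workload."""
        now = time.time() if now is None else now
        if scope not in POLICY.get(workload, set()):
            raise PermissionError(f"{workload} may not request {scope}")
        claims = {"sub": workload, "scope": scope,
                  "exp": int(now) + min(ttl, MAX_TTL)}  # clamp requested lifetime
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return body.decode() + "." + self._sign(body).decode()

    def verify(self, token: str, scope: str, now=None) -> bool:
        """Check signature, scope and expiry before acting on the token."""
        now = time.time() if now is None else now
        try:
            body, sig = token.rsplit(".", 1)
        except ValueError:
            return False  # no signature part at all
        # Constant-time comparison; claims are parsed only after the MAC checks out.
        if not hmac.compare_digest(sig.encode(), self._sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims["scope"] == scope and now < claims["exp"]
```

A token stolen from a compromised workload is usable only for its one scope and only until `exp`, while the upstream key itself stays inside the broker.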
📄 Full proposal: https://github.com/Project-Capsule/capsule/blob/main/docs/secrets.md