OOpenclawnet
  • Introduction
  • Docs
      • 20260425 concept review
      • 20260503 repo split decision
      • Agent runtime
      • Components
      • Glossary
      • Jobs
      • Memory service proposal
      • Nemoclaw mapping
      • Openclaw mapping
      • Overview
      • Provider model
      • Runtime flow
      • Scenarios s4 s5 plan
      • Secrets vault admin ui
      • Secrets vault azure readiness
      • Secrets vault evolution
      • Secrets vault lifecycle phase4
      • Secrets vault lifecycle phase5
      • Secrets vault phase5
      • Secrets vault phase6
      • Secrets vault threat model
      • Source of truth rules
      • Storage
  • Scripts
  • Sessions
    • RELEASE CHECKLIST
    • Session 2 guide es
    • Session 2 guide
    • Session 3 guide es
    • Session 3 guide
    • Session 4 guide es
    • Session 4 guide
    • Session 5 guide es
    • Session 5 guide
    • Speakers
  • Src
  • Tests
Powered by Docsbook
Docs/Architecture/Secrets vault lifecycle phase4
Secrets vault evolutionPreviousSecrets vault lifecycle phase5Next

On this page

  • Goals
  • Non-Goals
  • 1) Versioning
  • 1.1 Data model: SecretVersions table
  • 1.2 Vault API surface
  • 1.3 Backfill strategy (existing rows ΓåÆ Version 1)
  • 2) Rotation
  • 2.1 API
  • 2.2 Atomic semantics
  • 2.3 Cache TTL grace
  • 2.4 Operator surfaces
  • 3) Soft-delete + purge
  • 3.1 Schema
  • 3.2 Default retention
  • 3.3 API
  • 3.4 Azure Key Vault mapping
  • 4) Audit hash-chain (tamper-evidence)
  • 4.1 Schema additions
  • 4.2 Hash algorithm
  • 4.3 Verification CLI
  • 5) Cross-backend semantics
  • 6) Migration plan
  • 6.1 EF migration
  • 6.2 Data backfill
  • 7) Test strategy
  • 7.1 Unit tests
  • 7.2 Integration tests
  • 7.3 CLI smoke tests
  • 8) Ops runbooks (short)
  • 8.1 Rotate a credential
  • 8.2 Recover a deleted secret
  • 8.3 Verify the audit chain
  • 9) Coordination with MarkΓÇÖs ACL Phase 2
  • 9.1 Overlap
  • 9.2 Recommendation
  • Summary
  • Ratification Notes (2026-05-08)

Was this page helpful?