7e8568777e
Some checks failed
CI/CD / typecheck (pull_request) Successful in 1m4s
CI/CD / lint (pull_request) Successful in 2m30s
CI/CD / test (pull_request) Successful in 1m18s
CI/CD / smoke (pull_request) Failing after 1m49s
CI/CD / build (pull_request) Successful in 4m46s
CI/CD / publish (pull_request) Has been skipped
scripts/provision-openbao.sh recreates the KV mount + app-mcpd ACL policy + periodic app-mcpd-role that mcpd's secret backend needs. These were hand-made and uncaptured, so an OpenBao re-init silently dropped the policy (root cause of the recurring BACKEND_TOKEN_DEAD / 403-on-secret-write). Now reproducible: run after any OpenBao (re)init; --seed also mints a token, writes bao-creds, and restarts mcpd. Mirrors src/shared/src/vault/policy.ts. Idempotent + --dry-run. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
4.8 KiB
Executable File
4.8 KiB
Executable File