# OVES Secrets & Trust Infrastructure
Documentation for OVES secret management strategy, trust infrastructure roadmap, and architecture decisions.
## Quick Links
- ADR-001: Vault OSS as Strategic Platform — Baseline decision on machine secrets and trust infrastructure
- Roadmap — Phased implementation timeline (2026–2028+)
## Principles
- Human credentials and machine secrets are separate concerns — different tools, different governance
- Vault OSS is the strategic platform — deploy as Vault-Lite initially, expand as maturity grows
- Bitwarden is the system of record for human credentials — standardize before expanding machine trust
- Delay complexity, not platform choice — the right platform from day one, operated at the right level
## Four Layers
| Layer | Question | Tool |
|---|---|---|
| Identity | Who are you? | Azure AD, Passkeys |
| Secret Management | What may be accessed? | Vault OSS |
| Trust Infrastructure | How do systems prove identity? | Vault PKI |
| Blockchain Anchoring | How can trust become immutable? | Public blockchain |
Note: architecture decisions are tracked as they are made in Architecture Decision Records; stable lookup material lives under Reference.