boma/docs
sjat 4ee1b66e23 Source vault password from Vaultwarden via rbw; nest vault structure
Master vault password is fetched from Vaultwarden via the rbw agent
(scripts/vault-pass-client.sh, wired as vault_password_file) instead of a
plaintext .vault_pass. Vault secrets use a nested vault.<service>.<key> map.
Encrypted vault.yml files are excluded from lint. Includes the host rename in
Makefile and STATUS.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 18:16:35 +02:00
..
decisions Source vault password from Vaultwarden via rbw; nest vault structure 2026-05-30 18:16:35 +02:00
runbooks Source vault password from Vaultwarden via rbw; nest vault structure 2026-05-30 18:16:35 +02:00
README.md Add architecture decision records and runbooks 2026-05-30 14:10:01 +02:00

docs/

Project documentation.

  • decisions/ — Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.
  • runbooks/ — step-by-step operational procedures (add a host, add a role, rotate secrets).

For what is actually built vs only designed, see STATUS.md at the repo root — the ADRs describe intent, not necessarily current reality.