groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

docs(UAT_PLAYBOOK): document canonical source-of-truth for UAT seed passwords (GRO-2000) #132

Merged
Flea Flicker merged 1 commits from flea/gro-2000-uat-password-source-doc into dev 2026-06-01 17:11:13 +00:00
Conversation 2 Commits 1 Files Changed 1
+21

1 Commits

Author SHA1 Message Date
Paperclip 337c0e2733 docs(UAT_PLAYBOOK): document canonical source-of-truth for UAT seed passwords (GRO-2000)
CI / Test (pull_request) Successful in 10s
Details
CI / Lint & Typecheck (pull_request) Successful in 18s
Details
CI / Build & Push Docker Images (pull_request) Successful in 36s
Details 
The 'Source of truth for UAT passwords' subsection under Pre-conditions
records:

- The seed-uat-passwords Secret in groombook-uat is the live source.
- The Bitnami SealedSecret apps/overlays/uat/ss-seed-uat-passwords.yaml
  in groombook/infra is the single upstream source of truth.
- A kubectl recipe to pull the current values for SUPER / GROOMER /
  TESTER / CUSTOMER at the start of every UAT run.
- The 'captured env var from a previous rotation produces 401' failure
  mode that GRO-2000 hit, and the manual-reseed escape hatch if the
  login still 401s after pulling the live value.

Refs: GRO-2000, GRO-1977 (idempotent re-hash), GRO-1999 (enum fix that
allowed the seed Job to run cleanly again).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-01 15:30:34 +00:00