Use entity policies for secret store access instead of through jwt #332

Open

reda wants to merge 8 commits from feat/jwt-bearer-openbao-auth into docs/fleet-secrets-device-access

pull from: feat/jwt-bearer-openbao-auth

merge into: NationTech:docs/fleet-secrets-device-access

NationTech:master

NationTech:feat/fleet-ch2-operator-recovery

NationTech:feat/fleet-device-exec-logs

NationTech:feat/zitadel-web-pkce-and-human-user

NationTech:feat/fleet-ch5-graceful-deploy-upgrade

NationTech:feat/fleet-ch4-agent-upgrade

NationTech:feat/fleet-ch3-log-streaming

NationTech:feat/add-claims-for-openbao

NationTech:refactor/move-zitadel-jwt-to-module

NationTech:feat/fleet-operator-real-data

NationTech:docs/fleet-secrets-device-access

NationTech:chore/fleet-operator-prune-mock-dtos

NationTech:chore/rename-release-to-publish

NationTech:refactor/config-namespace-env-var

NationTech:feat/fleet-staging-openbao

NationTech:feat/auth-add-next-url-redirect

NationTech:pr/harmony-sso-example

NationTech:feat/unified-config-and-secrets

NationTech:ci/fleet-argo-cd

NationTech:ci/fleet-operator-release-pipeline

NationTech:feat/on-device-key-gen

NationTech:feat/install-gitea

NationTech:feat/v0-3-logs-companion

NationTech:refactor/smoke-companion-minimal

NationTech:feat/smoke-test-contract

NationTech:feat/iobench-redpanda-profile

NationTech:feat/v0-3-dashboard-role-enforcement

NationTech:feat/v0-3-init-containers

NationTech:feat/v0-3-operator-restart-baseline

NationTech:feat/fleet-e2e-x86

NationTech:feat/ceph-score

NationTech:feat/opnsense-bootstrap-score

NationTech:feat/fleet-e2e

NationTech:feat/fleet-e2e-harness-and-ping

NationTech:feat/dashboard-auth

NationTech:feat/fleet-operator-web-frontend

NationTech:feat/deploy_fleet_server_side

NationTech:feat/openwebui

NationTech:feat/iot-aggregation-scale

NationTech:feat/iot-operator-helm-chart

NationTech:feat/removesideeffect

NationTech:feat/test-alert-receivers-sttest

NationTech:feat/brocade-client-add-vlans

NationTech:feat/agent-desired-state

NationTech:feat/opnsense-dns-implementation

NationTech:feat/named-config-instances

NationTech:worktree-bridge-cse_012j1jB37XfjXvDGHUjHrKSj

NationTech:chore/leftover-adr

NationTech:feat/config_e2e_zitadel_openbao

NationTech:example/vllm

NationTech:feat/config_sqlite

NationTech:chore/roadmap

NationTech:feature/kvm-module

NationTech:feat/rustfs

NationTech:feat/harmony_assets

NationTech:feat/brocade_assisted_setup

NationTech:feat/cluster_alerting_score

NationTech:e2e-tests-multicluster

NationTech:fix/refactor_alert_receivers

NationTech:feat/change-node-readiness-strategy

NationTech:feat/zitadel

NationTech:feat/improve-inventory-discovery

NationTech:fix/monitoring_abstractions_openshift

NationTech:feat/nats-jetstream

NationTech:adr-nats-creds

NationTech:feat/st_test

NationTech:feat/dockerAutoinstall

NationTech:chore/cleanup_hacluster

NationTech:doc/cert-management

NationTech:feat/certificate_management

NationTech:adr/017-staleness-failover

NationTech:fix/nats_non_root

NationTech:feat/rebuild_inventory

NationTech:fix/opnsense_update

NationTech:feat/unshedulable_control_planes

NationTech:feat/worker_okd_install

NationTech:doc-and-braindump

NationTech:fix/pxe_install

NationTech:switch-client

NationTech:okd_enable_user_workload_monitoring

NationTech:configure-switch

NationTech:fix/clippy

NationTech:feat/gen-ca-cert

NationTech:feat/okd_default_ingress_class

NationTech:fix/add_routes_to_domain

NationTech:secrets-prompt-editor

NationTech:feat/multisiteApplication

NationTech:feat/ceph-install-score

NationTech:feat/ceph-osd-score

NationTech:feat/ceph_validate_health

NationTech:better-indicatif-progress-grouped

NationTech:feat/crd-alertmanager-configs

NationTech:better-cli

NationTech:opnsense_upgrade

NationTech:feat/monitoring-application-feature

NationTech:dev/postgres

NationTech:feat/cd/localdeploymentdemo

NationTech:feat/webhook_receiver

NationTech:feat/kube-prometheus

NationTech:feat/init_k8s_tenant

NationTech:feat/discord-webhook-receiver

NationTech:feat/kube-prometheus-monitor

NationTech:feat/tenantScore

NationTech:feat/teams-integration

NationTech:feat/slack-notifs

NationTech:monitoring

NationTech:runtime-profiles

Conversation 0 Commits 8 Files Changed 31 +1600 -633

reda commented 2026-06-07 16:55:07 +00:00

Owner

Copy Link

No description provided.

reda added 8 commits 2026-06-07 16:55:08 +00:00

add files for feature aacbc509b1

update env variable names a185ccc78a

remove env file e220f2ff10

stand alone module for jwt 788227b8c0

add files 57d9685c57

Merge branch 'feat/auth-add-next-url-redirect' into feat/jwt-bearer-openbao-auth 8d7ffeee91

resolve conflict, add files ob entity policy 649cfe84bf

add new files d453d2c6be

Some checks failed

Hide all checks

Run Check Script / check (pull_request) Failing after 53s

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/jwt-bearer-openbao-auth:feat/jwt-bearer-openbao-auth

git checkout feat/jwt-bearer-openbao-auth

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Architecture Decision Record

Good first issue

RFC

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

johnride jvtrudel reda stremblay

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: NationTech/harmony#332

No description provided.