feat(offsite-backup): olsitec-foundation bucket + scoped creds on home MinIO
CONTRACT_004 offsite target (ADR-004 'second self-hosted location'). @pulumi/minio program (modeled on olsicloud4 modules/minio): bucket 'olsitec-foundation' + scoped IAM user/policy + service account on minio.wob.olsitec.de:19000. Verified: scoped SA can put/list/delete in its bucket, DENIED cross-bucket. Admin creds + scoped creds via ENV/state only (gitignored), never committed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
42f0aec52a
commit
db47037bdc
8 changed files with 124 additions and 1 deletions
6
offsite-backup/package.json
Normal file
6
offsite-backup/package.json
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
"name": "@olsitec/foundation-offsite-backup",
|
||||
"private": true, "version": "0.0.0", "main": "index.ts",
|
||||
"dependencies": { "@pulumi/minio": "^0.16.0", "@pulumi/pulumi": "^3.138.0" },
|
||||
"devDependencies": { "@types/node": "^18", "typescript": "^5.0.0" }
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue