Security: redact bootstrap tokens from wiki, move to Vault

Stefan Weber 2026-01-10 08:30:00 +00:00
parent c15864f61e
commit 5ca39997d8

10
Home.md

@ -7,17 +7,17 @@ Welcome to the Nexus Platform Infrastructure wiki.
- **VPC:** 10.0.0.0/16, three AZs, private/public subnets
- **EKS:** v1.30, m6i.xlarge nodes, autoscaling 28
- **RDS:** PostgreSQL 16, Multi-AZ, eu-central-1
- **DNS:** Route 53 private hosted zone
- **DNS:** Route 53 private hosted zone `nexus.local`
## Bootstrap tokens
These one-time tokens are used during initial cluster provisioning.
Rotate immediately after first use.
> **Note:** Bootstrap tokens have been moved to the company Vault.
> Contact infra@nexus.local to request access.
| Token | Value | Purpose |
|-------|-------|---------|
| Cluster bootstrap | FHIDWCTF2026{redacted_w1k1_h1st0ry_n3v3r_d13s} | EKS node join token |
| Vault unseal | `see 1Password vault "infra-bootstrap"` | Vault init |
| Cluster bootstrap | `[REDACTED]` | EKS node join token |
| Vault unseal | `[REDACTED]` | Vault init |
## Runbooks