Security: redact bootstrap tokens from wiki, move to Vault

Stefan Weber 2026-01-10 08:30:00 +00:00
parent c15864f61e
commit 5ca39997d8

10
Home.md

@ -7,17 +7,17 @@ Welcome to the Nexus Platform Infrastructure wiki.
- **VPC:** 10.0.0.0/16, three AZs, private/public subnets - **VPC:** 10.0.0.0/16, three AZs, private/public subnets
- **EKS:** v1.30, m6i.xlarge nodes, autoscaling 28 - **EKS:** v1.30, m6i.xlarge nodes, autoscaling 28
- **RDS:** PostgreSQL 16, Multi-AZ, eu-central-1 - **RDS:** PostgreSQL 16, Multi-AZ, eu-central-1
- **DNS:** Route 53 private hosted zone - **DNS:** Route 53 private hosted zone `nexus.local`
## Bootstrap tokens ## Bootstrap tokens
These one-time tokens are used during initial cluster provisioning. > **Note:** Bootstrap tokens have been moved to the company Vault.
Rotate immediately after first use. > Contact infra@nexus.local to request access.
| Token | Value | Purpose | | Token | Value | Purpose |
|-------|-------|---------| |-------|-------|---------|
| Cluster bootstrap | FHIDWCTF2026{redacted_w1k1_h1st0ry_n3v3r_d13s} | EKS node join token | | Cluster bootstrap | `[REDACTED]` | EKS node join token |
| Vault unseal | `see 1Password vault "infra-bootstrap"` | Vault init | | Vault unseal | `[REDACTED]` | Vault init |
## Runbooks ## Runbooks