(self-merged as part of a move to merge *every* pillar/credentials/vault.sls change to avoid a publish/revert wheel of secrets for salt-node-windriver policy)

Dorian and me meet this evening to do the switch.

See comments

Current mitigation plan is to port our Rocket applications to Axum.

So, finally, we've decided to go with Postfix, the more currently maintained.

See also https://www.dereckson.be/blog/2024/10/06/openmetrics-for-ccache/ for blog announcement with the explanation of how it works.

Opened https://phabricator.wolfplex.org/T97 on the Wolfplex collaboration platform to document the missing files.

tests/vault/client content written with Claude Sonnet 4 assistance.

In T2124#32520, @dereckson wrote:

Next steps for full automation:

• allow to login with proper credentials
  • Vault via rOPS: Create a permission for access to relevant credentials (see first comment of this post, acquisitariat not needed)
  • Vault manually: Create an AppRole linked to that permission
  • Code: allow to login to Vault with AppRole when available in environment or when a file exists, TO IMPLEMENT FOR BOTH TOOLS (bot needs Agora, run-report needs db-B-001).
• deploy the bot on WindRiver
  • Vault via rOPS: credentials to query Vault (ie secret id and role id from the AppRole)
  • Salt: create rhyne-wyse user
  • Salt: create /var/db/rhyne-wyse, chown to rhyne-wyse:nasquenautes in 775, so everyone can run the bot too
  • Salt: provide /etc/periodic configuration to run the script daily

Tested correctly with Complector and WindRiver. Can run the bot succesfully afterwards.

Just for information, log doesn't have any timestamp.

Proper headers for Sphinx autogenerated configuration

No need to build secretsmith in rOPS, going to push to PyPI once doc is published at https://docs.nasqueron.org/secretsmith

Rebased. Rhyne-Wise -> Rhyne-Wyse too here.