Provenance: Spec 0000 — ADR-018 Secret Management with Key Vault and ESO
Spec: .sdd/specification/spec-0000-adr-018-secret-management.md
Executed: 2026-03-05T00:00:00Z
Agent: Claude Opus 4.6 (claude-opus-4-6) via Claude Code CLI
Actions Taken
Section titled “Actions Taken”- Read ADR template at
docs/adr/template.mdto understand required structure and sections. - Read reference ADRs (
adr-017-managed-postgresql-shared-database.mdandadr-016-second-k3s-node-for-observability.md) to match depth, tone, and formatting conventions. - Verified referenced ADR files exist in
docs/adr/(ADR-003, ADR-006, ADR-016, ADR-017) to ensure no broken relative links. - Created directory
.sdd/specification/and wrote spec file to.sdd/specification/spec-0000-adr-018-secret-management.md. - Created ADR file at
docs/adr/adr-018-secret-management-keyvault-eso.mdfollowing the template structure with all required sections. - Created directory
.sdd/provenance/and wrote this provenance record to.sdd/provenance/spec-0000-adr-018-secret-management.provenance.md. - Ran
pnpm lintto validate markdownlint passes. - Committed all three files together on branch
claude/adr-018-secret-management-PltPh. - Pushed to remote.
Decisions Made
Section titled “Decisions Made”No autonomous decisions were required — all actions were explicitly specified in the spec.
Deviations from Spec
Section titled “Deviations from Spec”No deviations from spec.
Artifacts Produced
Section titled “Artifacts Produced”| File | Status |
|---|---|
.sdd/specification/spec-0000-adr-018-secret-management.md | Created |
docs/adr/adr-018-secret-management-keyvault-eso.md | Created |
.sdd/provenance/spec-0000-adr-018-secret-management.provenance.md | Created |
Validation Results
Section titled “Validation Results”| # | Check | Result |
|---|---|---|
| 1 | Spec saved to .sdd/specification/spec-0000-adr-018-secret-management.md | Pass |
| 2 | ADR file exists at docs/adr/adr-018-secret-management-keyvault-eso.md | Pass |
| 3 | Frontmatter title matches "ADR-018: ..." | Pass — "ADR-018: Secret Management with Azure Key Vault and External Secrets Operator" |
| 4 | Template structure followed (Context, Decision Drivers, Options Considered, Decision, Consequences, Agent Decisions, References) | Pass — all sections present |
| 5 | All four options (A–D) documented with trade-offs | Pass — Options A, B, C, D all documented |
| 6 | Deviation from ADR-017’s managed identity auth explicitly called out | Pass — called out in Context, Decision key details, and as auth model deviation |
| 7 | pnpm lint passes | Pass |
| 8 | No broken relative links in References | Pass — all referenced ADR filenames verified to exist in docs/adr/ |
| 9 | Provenance record exists with all required sections | Pass |
| 10 | All three files committed together | Pass |