Ephemeral Castle Hetzner Vault Runtime
Scope
This page describes the ephemeral-castle macro-area dedicated to the Hetzner-based lushycorp-vault runtime.
Current Synthesis
Inside ephemeral-castle/, the Hetzner Vault runtime is a dedicated runtime-oriented track separate from the Proxmox plus Talos cluster bootstrap path. It focuses on running and preserving a private Vault system on Hetzner VPS infrastructure, with lifecycle, durability, restore, and operator-recovery contracts developed in staged layers.
Main Structure
- runtime root: ephemeral-castle/runtimes/lushycorp-vault/hetzner/
- local lifecycle track for deterministic first-init and host-local behavior
- S3 backup and recovery track for remote durability and restore
Key Architectural Characteristics
- the historical private service identity was lushycorp-api.ts.tazlab.net (retired); the runtime was converged onto lushycorp-vault.magellanic-gondola.ts.net via 09-vault-k8s-integration-prep Phase 1 (completed 2026-04-29)
- local lifecycle and remote durability were deliberately split into staged design and build tracks
- remote durability uses S3 lineage pointers and bounded slot rotation rather than ad-hoc latest-file assumptions
- TazPod remains the source of operator recovery artifacts, while host-side retained material is intentionally minimal
- destroy/create validation on 2026-04-28 confirmed that the remote-durability matrix still hard-fails when operator-side canonical bootstrap artifacts are absent while S3 remains coherent (T0 + H0 + S1)
Why It Matters
This runtime is one of the most infrastructure-heavy parts of TazLab outside the cluster path. It carries lessons about rebirth, restore coherence, secret custody, and fail-fast infrastructure design that are useful beyond the specific Vault runtime itself.
Relationships
- parent repository hub: ephemeral-castle
- depends operationally on tazpod for operator-side secret custody
- related to Ephemeral Castle Tailscale Foundation because Tailscale is the network backbone used across the infrastructure story
- related to TazLab Secret And Identity Flow
Source Basis
- AGENTS.ctx/ephemeral-castle/CONTEXT.md
- AGENTS.ctx/memory/system-state.md