RFC Authoring Standards                                           Section 7
Category: Standards Track                      Invariants and Requirements

### Invariant N — <Short Title>
 
<Statement using MUST/MUST NOT>
 
<Brief explanation of why this invariant exists>

### Invariant 3 — Secret Authority
 
HashiCorp Vault MUST be the sole authoritative source for secrets
required by platform applications.
 
This invariant ensures centralized secret lifecycle management
and auditability. Violation would create untracked secrets
outside the rotation and audit framework.

### N.N.N <Goal Title>
 
<Description of the goal>
 
<Why this goal matters>

### 2.1.1 Unified Identity
 
All platform users and services authenticate through a single
identity chain, enabling consistent authorization across all
platform applications.
 
Unified identity reduces operational complexity and ensures
consistent security policy enforcement.

### N.N.N <Non-Goal Title>
 
<What is excluded>
 
<Why it is excluded or where it is addressed>

### 2.2.1 User Provisioning
 
This architecture does NOT define how users are created or
deprovisioned. User lifecycle management is out of scope.
 
See RFC-IDENTITY-LIFECYCLE-0001 for user provisioning.