Resources

Resources are the targets Anchor manages or brokers access to. A useful resource record is specific enough to support policy decisions, job execution, and audit review.

Inventory

Resource record carries owner, scope, endpoint, status, and metadata.

Policy

Expected controls define verification, rotation, access, and review behavior.

Workflow

Verification, rotation, or reconciliation runs as operational work.

Evidence

Outcome is recorded with resource, account, policy, and result context.

Useful metadata includes name, type, host or endpoint, account identifier, username, scope, owner, environment, status, policy attachment, reconcile relationship, last verification, last rotation, and operational notes.

The metadata should answer a reviewer’s first questions without leaving the control plane: what is this target, who owns it, which account is involved, which policy governs it, and what was the last known operational state?

Status helps operators quickly distinguish healthy, unverified, degraded, failed, drifted, or action-required resources. Status is more valuable when it stays tied to the last action, last check, job result, and policy expectation that produced it.

Verification confirms that Anchor can still reach and validate a managed target or credential state. Rotation changes managed credential material according to policy and records the result as operational evidence.

Both workflows are most useful when they remain tied to resource ownership, account context, policy expectations, job history, and logs.

Reconciliation helps bring resource or account reality back in line when observed state no longer matches Anchor’s intended state. Drift can include credential mismatch, missing account state, unexpected resource status, SSH key mismatch, failed verification, or policy bindings that no longer reflect ownership.

Reconcile workflows matter because they turn “we found a mismatch” into controlled remediation with job steps, result context, and audit evidence.

Anchor treats high-volume changes as controlled workflows, not blind writes. Bulk resource actions should support preflight review, blocked-item explanations, allowed-item execution, and clear job outcomes.

This is a practical operating advantage over manual PAM administration: teams can verify, rotate, reconcile, or review many targets while preserving policy checks and evidence for each object.
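A minimal sketch of the preflight pattern described above, added here as an illustration and not taken from Anchor's code or API. The record shape, the seven-day verification window, the set of blocking statuses, and the `rotate` callback are all assumptions; the sample resources are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
@dataclass
class Resource:  # hypothetical record; field names taken from the metadata list
    name: str
    owner: Optional[str]
    status: str
    policy: Optional[str]
    last_verification: Optional[datetime]

MAX_VERIFY_AGE = timedelta(days=7)  # assumed policy expectation
BLOCKING = {"failed", "drifted", "action-required"}  # assumed: reconcile these first

def preflight(resources, now):
    """Split a bulk request into allowed names and blocked names with reasons."""
    allowed, blocked = [], {}
    for r in resources:
        reasons = []
        if not r.owner:
            reasons.append("no owner recorded")
        if not r.policy:
            reasons.append("no policy attached")
        if r.status in BLOCKING:
            reasons.append(f"status is {r.status}; reconcile first")
        if r.last_verification is None or now - r.last_verification > MAX_VERIFY_AGE:
            reasons.append("verification missing or stale")
        if reasons:
            blocked[r.name] = reasons
        else:
            allowed.append(r.name)
    return allowed, blocked

def run_bulk_rotation(resources, now, rotate):
    """Rotate only allowed items; return one outcome record per object."""
    allowed, blocked = preflight(resources, now)
    outcomes = [{"resource": n, "result": "blocked", "reasons": rs} for n, rs in blocked.items()]
    for name in allowed:
        try:
            rotate(name)  # caller-supplied rotation step (hypothetical)
            outcomes.append({"resource": name, "result": "rotated", "reasons": []})
        except Exception as exc:  # one failure must not stop the batch
            outcomes.append({"resource": name, "result": "failed", "reasons": [str(exc)]})
    return outcomes

NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed sample data below
SAMPLE = [Resource("db-prod-01", "dba-team", "healthy", "rotate-30d", NOW - timedelta(days=1)),
          Resource("web-stg-02", None, "healthy", "rotate-30d", NOW - timedelta(days=2)),
          Resource("ssh-bastion", "infra", "drifted", "rotate-30d", NOW - timedelta(days=30))]
```

Every object in the batch ends up with exactly one outcome record, so blocked items carry their explanation into the job result instead of disappearing from it.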

Before a resource changes or is removed, operators need to understand what depends on it: policy bindings, secret versions, reveal events, job history, log preferences, and reconcile references. Dependency summaries make cleanup safer and make operational ownership easier to explain.

Start with resources that are safe to test. Expand once verification, rotation, logging, and backup expectations are understood.