Skip to main content

POST /admin/migrations/:id/commit

Write all approved items into live KnoxCall secrets. Each item creates or updates a secret and one secret_environment_config row per target environment. After commit the item’s encrypted value is zeroed and its status becomes committed. Auth: migration_reviewer permission + 5-minute step-up The migration must be in awaiting_review status. If any item fails to write, the entire commit is rolled back and the migration reverts to awaiting_review so the operator can investigate and retry. A migration.commit entry is written to audit_log_critical after a successful commit.

Response

Returns 409 if the migration is not in awaiting_review status, or if there are no approved items to commit.