Design

The architectural decisions behind Token Rotator. Each page covers one pillar.

• One CRD per source — why we rejected a single generic Token CRD.
• Naming — API group and kind conventions.
• Aggregation — shared categories and printer columns.
• Shared spec and status — common fields embedded in every source CRD.
• Resolutions to open questions — decisions on failure handling, rotation strategy, export targets, and credential management.