Migration note: Migrated from ADR-0005 on 2026-05-02 per ADR-0047. Original file retained at docs/adr/0005-it-ot-separation-scope.md with a deprecation banner.
# IAM-0002: IT/OT Zone Separation Policy
## Sources

- ADR-0005: IT/OT separation at folder and inventory level, not repo level (2026-03-31)

| Field | Value |
|---|---|
| ID | IAM-0002 |
| Date | 2026-03-31 |
| Status | Accepted |
| Deciders | Ben Peries |
| Class | security/IAM |

## Status
Accepted — 2026-03-31
## Context
The platform serves both IT and OT workloads. A decision was needed on whether to separate IT and OT at the repo level or within shared repos using folder and inventory structure.
## Decision
IT/OT separation is enforced at the folder and Ansible inventory level within shared repos. The repo split is sensitivity-based:

- archon-platform — infra, nodes, k3s, Terraform, Ansible
- archon-apps — Grafana, Node-RED, Ollama, peries.ca, MQTT, ESP32 firmware
- archon-cloud — Azure/GCP/AWS/Alibaba credentials and configs

Inside archon-apps, IT and OT content is separated by folder and by Ansible inventory (inventories/it/ vs inventories/ot/).
## Alternatives Considered
- Separate repos (archon-it, archon-ot) — Cross-repo dependency complexity. Shared Ansible roles would need a third repo or duplication. More branch policies to maintain.
- Single monorepo — Mixes credential sensitivity levels in one access boundary. Keeping cloud credentials and OT firmware in the same scope is poor security practice.
## Consequences
- Ansible inventories must clearly separate IT and OT hosts
- Pipelines must use path filters to route IT vs OT changes correctly
- archon-cloud access control must be tighter than other repos
- OT-specific ADRs live in archon-apps/docs/adr/
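As an added example, not part of this ADR or of the archon repos, the following Python pre-merge guard enforces the first two consequences: it routes changed paths to a zone for pipeline path filtering and flags any host that appears in both the IT and OT inventories. The top-level it/ and ot/ folder names, the inventory file layout and the sample inventories are assumptions constructed for the demonstration.

```python
# Added example (not from this ADR or the archon repos): a pre-merge guard for the
# IT/OT split. Assumptions: Ansible INI inventories live under inventories/it/ and
# inventories/ot/, and zone-specific content sits under top-level it/ and ot/ folders.
import re

ZONE_PREFIXES = {"it": ("inventories/it/", "it/"), "ot": ("inventories/ot/", "ot/")}


def parse_inventory_hosts(text):
    """Return host names from an Ansible INI inventory; [group:children] and
    [group:vars] sections hold groups/variables, not hosts, so they are skipped."""
    hosts, in_host_section = set(), True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            in_host_section = ":" not in header.group(1)
            continue
        if in_host_section:
            hosts.add(line.split()[0])  # first token; inline vars are dropped
    return hosts


def zone_for_path(path):
    """Map a changed path to 'it', 'ot', or 'shared' (roles/, docs/, ...)."""
    for zone, prefixes in ZONE_PREFIXES.items():
        if path.startswith(prefixes):
            return zone
    return "shared"


def route_changes(paths):
    """Group changed paths by zone so the pipeline runs only the matching jobs."""
    routed = {}
    for path in paths:
        routed.setdefault(zone_for_path(path), []).append(path)
    return routed


def check_inventory_separation(it_inventory, ot_inventory):
    """Return hosts present in both zones; an empty list means the split holds."""
    return sorted(parse_inventory_hosts(it_inventory) & parse_inventory_hosts(ot_inventory))


# Constructed sample inventories for the demonstration only.
IT_INVENTORY = "[monitoring]\ngrafana01 ansible_host=10.0.1.10\n[it:children]\nmonitoring\n"
OT_INVENTORY = "[gateways]\nnodered01 ansible_host=10.0.2.20\ngrafana01  # also in IT\n"
```

A pipeline step would fail the merge when check_inventory_separation returns a non-empty list, and use route_changes to decide which zone's jobs to run.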
## References
- GOV-0001: Hybrid branching strategy — GitFlow applies to OT folders in archon-apps
- IAM-0003: IT Ansible service account (ansible-svc-account)
- IAM-0004: OT Ansible service account (ansible-ot-svc-account)