================================================================================
KORENET RAILS — TENANT WELCOME PACK · CREDENTIALS
Tenant: African Banking Corporation Limited (ABC Bank Kenya)
Tenant Type: Commercial Bank
Subdomain: abc-kenya.korenet.cloud
Portal: https://korenet.cloud
Generated: May 27, 2026
Classification: SOVEREIGN · INSTITUTIONAL GRADE · LICK-SIGNED · FAIL-CLOSED
Admin Level: FULL ADMIN
African Banking Corporation Limited (ABC Bank Kenya) · KoreNet Sovereign Rails Tenant
Issued by: Kore Collective (Pty) Ltd · Registration: 2020/118214/07
================================================================================

SWIFT Code:       ABCLKENA
Branch Code:      035001
Jurisdiction:     CBK
Regulatory Tier:  TIER_1_INSTITUTIONAL
Weekly Limit:     150000000.00
Settlement CCY:   KES

ENDPOINTS
---------
Portal:           https://korenet.cloud
Rails (tenant):   https://abc-kenya.korenet.cloud
KoreNet API:      https://api.korenet.cloud
OAuth 2.0:        https://auth.korenet.cloud
Token URL:        https://auth.korenet.cloud/oauth2/token
JWKS URL:         https://auth.korenet.cloud/.well-known/jwks.json

OAUTH 2.0 CLIENT (grant_type=client_credentials)
------------------------------------------------
client_id:     ab_abc6f1febb16d537984ccea8b7503b63
client_secret: REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT
audience:      https://api.korenet.cloud https://abc-kenya.korenet.cloud
scope:         rails:read rails:write transfers:read transfers:write vault:read ledger:read sentinel:read kip:submit vault:write vault:pair transfers:bulk compliance:read

ROLES & PERMISSIONS
-------------------
Roles:       tenant-admin, rails-operator, commercial-bank-officer
Permissions: rails.dispatch, rails.status, transfers.initiate, transfers.query, vault.query, ledger.query, sentinel.events.read, kip.submit, vault.pair, vault.pair_bank_account, transfers.bulk_dispatch, compliance.submit_report

JWT BEARER TOKEN (Valid until May 27, 2027)
------------------------------------------
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImtvcmVuZXQtcmFpbHMtaHMyNTYtZzEifQ.eyJpc3MiOiJodHRwczovL2F1dGgua29yZW5ldC5jbG91ZCIsImF1ZCI6WyJodHRwczovL2FwaS5rb3JlbmV0LmNsb3VkIiwiaHR0cHM6Ly9hYmMta2VueWEua29yZW5ldC5jbG91ZCJdLCJzdWIiOiJ0ZW5hbnQ6YWJjLWtlbnlhIiwidGVuYW50IjoiYWJjLWtlbnlhIiwidGVuYW50X25hbWUiOiJBZnJpY2FuIEJhbmtpbmcgQ29ycG9yYXRpb24gTGltaXRlZCAoQUJDIEJhbmsgS2VueWEpIiwidGVuYW50X3R5cGUiOiJDb21tZXJjaWFsIEJhbmsiLCJzdWJkb21haW4iOiJhYmMta2VueWEua29yZW5ldC5jbG91ZCIsInN3aWZ0IjoiQUJDTEtFTkEiLCJicmFuY2hfY29kZSI6IjAzNTAwMSIsImp1cmlzZGljdGlvbiI6IkNCSyIsInJlZ3VsYXRvcnlfdGllciI6IlRJRVJfMV9JTlNUSVRVVElPTkFMIiwid2Vla2x5X2xpbWl0IjoiMTUwMDAwMDAwLjAwIiwiaWF0IjoxNzQ4MDQ0ODAwLCJleHAiOjE3Nzk1ODA4MDAsImp0aSI6Ijg1NmM5MDA1MGQ0NDE2ZDhkZTIwMTdiZmI4YzA5ODgwIiwic2NvcGUiOiJyYWlsczpyZWFkIHJhaWxzOndyaXRlIHRyYW5zZmVyczpyZWFkIHRyYW5zZmVyczp3cml0ZSB2YXVsdDpyZWFkIGxlZGdlcjpyZWFkIHNlbnRpbmVsOnJlYWQga2lwOnN1Ym1pdCB2YXVsdDp3cml0ZSB2YXVsdDpwYWlyIHRyYW5zZmVyczpidWxrIGNvbXBsaWFuY2U6cmVhZCIsInJvbGVzIjpbInRlbmFudC1hZG1pbiIsInJhaWxzLW9wZXJhdG9yIiwiY29tbWVyY2lhbC1iYW5rLW9mZmljZXIiXSwicGVybWlzc2lvbnMiOlsicmFpbHMuZGlzcGF0Y2giLCJyYWlscy5zdGF0dXMiLCJ0cmFuc2ZlcnMuaW5pdGlhdGUiLCJ0cmFuc2ZlcnMucXVlcnkiLCJ2YXVsdC5xdWVyeSIsImxlZGdlci5xdWVyeSIsInNlbnRpbmVsLmV2ZW50cy5yZWFkIiwia2lwLnN1Ym1pdCIsInZhdWx0LnBhaXIiLCJ2YXVsdC5wYWlyX2JhbmtfYWNjb3VudCIsInRyYW5zZmVycy5idWxrX2Rpc3BhdGNoIiwiY29tcGxpYW5jZS5zdWJtaXRfcmVwb3J0Il0sIm10bHNfY2VydF9zaGEyNTYiOiJFRjoxQjowNjoxQTpBMDo2OTpGNjpGQTo3MjpEQTo4RDoyNDpCODpBMzpFNTpCRjpDOTozMjo4NTo1QTo5MTpDMDpCMTowNTpGMToyMTo2NzowODpERTo3QzpBOTpCRiJ9.VKnOcCOuC074lN8QW4eq2L70-PRaqeu1MBJOS30BW50

JWT DETAILS
-----------
Algorithm: HS256
Key ID:    korenet-rails-hs256-g1
Issuer:    https://auth.korenet.cloud
Audience:  https://api.korenet.cloud, https://abc-kenya.korenet.cloud
Subject:   tenant:abc-kenya
Issued:    May 27, 2026
Expires:   May 27, 2027
jti:       856c90050d4416d8de2017bfb8c09880
HS256 secret (keep secret — do NOT commit):
REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT

MTLS CLIENT CERTIFICATE
-----------------------
Common Name:         abc-kenya.korenet.cloud
Subject:             KE, ST = Nairobi, L = Nairobi, O = KoreNet Rails, OU = African Banking Corporation Limited (ABC Bank Kenya), CN = abc-kenya.korenet.cloud, emailAddress = ops@abc-kenya.korenet.cloud
Organization:        KoreNet Rails
Organizational Unit: African Banking Corporation Limited (ABC Bank Kenya)
Valid From:          May 27, 2026
Valid Until:         May 27, 2027
Key Size:            4096-bit RSA
SHA-256 fingerprint: EF:1B:06:1A:A0:69:F6:FA:72:DA:8D:24:B8:A3:E5:BF:C9:32:85:5A:91:C0:B1:05:F1:21:67:08:DE:7C:A9:BF
SHA-1  fingerprint:  F1:82:D2:2C:3A:4D:9A:AB:53:CF:70:85:5D:EA:96:6D:A1:D7:05:38
PFX passphrase:      REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT

Issuing CA: KoreNet Issuing CA G1
CA SHA-256 fingerprint: 5A:6B:E3:CA:C9:E6:B9:98:FE:5D:0A:F3:43:7B:B9:8B:C8:5F:E2:09:D0:B2:76:6F:AB:0A:6F:48:7B:65:13:DA

Certificate files (in certificates/):
- abc-kenya-client.crt           · X.509 client certificate
- abc-kenya-client.key           · 4096-bit RSA private key
- abc-kenya-client.pem           · cert + key (for curl --cert)
- abc-kenya-client.fullchain.pem · client + CA (for server validation)
- abc-kenya-client.pfx           · PKCS12 bundle (PFX password above)
- korenet-issuing-ca.crt           · KoreNet Issuing CA G1 (public only)

ENVIRONMENT VARIABLES
---------------------
export ABC_KENYA_TENANT="abc-kenya"
export ABC_KENYA_SUBDOMAIN="abc-kenya.korenet.cloud"
export ABC_KENYA_PORTAL_URL="https://korenet.cloud"
export ABC_KENYA_RAILS_URL="https://abc-kenya.korenet.cloud"
export ABC_KENYA_API_URL="https://api.korenet.cloud"
export ABC_KENYA_OAUTH_URL="https://auth.korenet.cloud"
export ABC_KENYA_CLIENT_ID="ab_abc6f1febb16d537984ccea8b7503b63"
export ABC_KENYA_CLIENT_SECRET="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export ABC_KENYA_JWT="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export ABC_KENYA_JWT_SECRET="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export ABC_KENYA_CERT="certificates/abc-kenya-client.crt"
export ABC_KENYA_KEY="certificates/abc-kenya-client.key"
export ABC_KENYA_PFX="certificates/abc-kenya-client.pfx"
export ABC_KENYA_PFX_PASS="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export ABC_KENYA_CA="certificates/korenet-issuing-ca.crt"

QUICK TEST COMMANDS
-------------------
# 1. Mint an OAuth access token (production pattern)
curl -X POST "$ABC_KENYA_OAUTH_URL/oauth2/token" \
     --cert "$ABC_KENYA_CERT" --key "$ABC_KENYA_KEY" \
     --cacert "$ABC_KENYA_CA" \
     -u "$ABC_KENYA_CLIENT_ID:$ABC_KENYA_CLIENT_SECRET" \
     -d "grant_type=client_credentials&scope=rails:read rails:write transfers:read transfers:write vault:read ledger:read sentinel:read kip:submit vault:write vault:pair transfers:bulk compliance:read"

# 2. Call tenant rails (mTLS + Bearer JWT)
curl --cert "$ABC_KENYA_CERT" --key "$ABC_KENYA_KEY" --cacert "$ABC_KENYA_CA" \
     -H "Authorization: Bearer $ABC_KENYA_JWT" \
     "$ABC_KENYA_RAILS_URL/api/v1/rails/health"


SENTINEL & QUORUM
-----------------
Sentinel Tier-B monitoring
2-Signatory Quorum required for state-changing operations
LICK-signed audit trail via Kore Collective LICK G1

CLASSIFICATION REMINDER
-----------------------
This pack is SOVEREIGN · INSTITUTIONAL GRADE. Treat all secrets above as
HSM-protected material. Rotate via the KoreNet rotation workbench
(https://korenet.cloud/rotation) — never edit this file in place.
