================================================================================
KORENET RAILS — TENANT WELCOME PACK · CREDENTIALS
Tenant: Vector Zulu LLC
Subdomain: vector.korenet.cloud
Generated: April 30, 2026
Classification: SOVEREIGN · INSTITUTIONAL GRADE · LICK-SIGNED · FAIL-CLOSED
Admin Level: FULL ADMIN
Vector Zulu LLC · KoreNet Sovereign Rails Tenant
Issued by: Kore Collective (Pty) Ltd · Registration: 2020/118214/07
================================================================================

ENDPOINTS
---------
Rails (tenant):   https://vector.korenet.cloud
KoreNet API:      https://api.korenet.cloud
KoreVault API:    https://vault.korenet.cloud/v1
OAuth 2.0:        https://auth.korenet.cloud
Token URL:        https://auth.korenet.cloud/oauth2/token
JWKS URL:         https://auth.korenet.cloud/.well-known/jwks.json

OAUTH 2.0 CLIENT (grant_type=client_credentials)
------------------------------------------------
client_id:     vz_6cd7b8d0c8a74feee1c64e3774d3f664
client_secret: REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT
audience:      https://api.korenet.cloud https://vector.korenet.cloud https://vault.korenet.cloud
scope:         rails:read rails:write transfers:read transfers:write vault:read vault:write vault:admin ledger:read ledger:write sentinel:read sentinel:write sentinel:admin kip:submit kip:approve compliance:read compliance:write treasury:read treasury:write crypto:custody crypto:transfer blockchain:anchor blockchain:verify admin:full

JWT BEARER TOKEN (Valid until April 30, 2027)
------------------------------------------
REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD

JWT DETAILS
-----------
Algorithm: HS256
Key ID:    korenet-rails-hs256-g1
Issuer:    https://auth.korenet.cloud
Audience:  https://api.korenet.cloud, https://vector.korenet.cloud
Subject:   tenant:vector-zulu
Issued:    April 30, 2026
Expires:   April 30, 2027
jti:       6bd961b436cd793e03b217e7c6d474bd
HS256 secret (keep secret — do NOT commit):
REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT

MTLS CLIENT CERTIFICATE
-----------------------
Common Name:         vector.korenet.cloud
Subject:             ZA, ST = Gauteng, L = Johannesburg, O = KoreNet Rails, OU = Vector Zulu, CN = vector.korenet.cloud, emailAddress = ops@vector.korenet.cloud
Organization:        KoreNet Rails
Organizational Unit: Vector Zulu
Valid From:          April 30, 2026
Valid Until:         April 30, 2027
Key Size:            4096-bit RSA
SHA-256 fingerprint: 48:3C:2E:16:3A:D5:D7:93:6D:F0:F7:16:39:19:09:75:F6:57:2C:94:0B:76:1D:04:DD:5A:78:54:82:AB:74:49
SHA-1  fingerprint:  A0:FC:D6:DF:B1:92:BA:2A:6C:B4:CE:5B:F0:3A:41:C0:38:01:99:E9
PFX passphrase:      REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT

Issuing CA: KoreNet Issuing CA G1
CA SHA-256 fingerprint: B9:04:5C:39:1E:BB:9C:4E:67:7F:19:5A:DF:A1:8E:AC:83:C2:A2:0F:34:03:3C:E1:24:DC:9A:1B:51:A0:EA:EC

Certificate files (in certificates/):
- vector-zulu-client.crt           · X.509 client certificate
- vector-zulu-client.key           · 4096-bit RSA private key
- vector-zulu-client.pem           · cert + key (for curl --cert)
- vector-zulu-client.fullchain.pem · client + CA (for server validation)
- vector-zulu-client.pfx           · PKCS12 bundle (PFX password above)
- korenet-issuing-ca.crt        · KoreNet Issuing CA G1

VAULTS
------
1. FIAT VAULT — 50 BILLION USD
   Amount:        USD 50,000,000,000.00
   Type:          SOVEREIGN_INSTITUTIONAL
   Status:        ACTIVE
   Sentinel Tier: A
   Fail-Closed:   Yes
   LICK Signing:  Required
   KoreChain:     Anchored
   Settlement:    T+0 (immediate)
   STP:           Enabled
   Escrow:        Enabled

2. DIGITAL ASSET VAULT — 25 BILLION USDT ERC-20
   Amount:          USDT 25,000,000,000.00
   Token Standard:  ERC-20
   Contract:        0xdAC17F958D2ee523a2206206994597C13D831ec7
   Type:            SOVEREIGN_INSTITUTIONAL
   Status:          ACTIVE
   Sentinel Tier:   A
   Fail-Closed:     Yes
   LICK Signing:    Required
   KoreChain:       Anchored
   Settlement:      T+0 (immediate)

3. CRYPTOCURRENCY VAULT — 5,000 BTC
   Amount:        BTC 5,000.00000000
   Type:          SOVEREIGN_INSTITUTIONAL
   Status:        ACTIVE
   Sentinel Tier: A
   Fail-Closed:   Yes
   LICK Signing:  Required
   KoreChain:     Anchored
   Settlement:    T+0 (immediate)

TOTAL VAULT PORTFOLIO
   USD:  50,000,000,000.00
   USDT: 25,000,000,000.00 (ERC-20)
   BTC:  5,000.00000000

ADMIN ACCESS
------------
Admin Level:    FULL ADMIN
Roles:          superadmin, vault_admin, transfer_admin, ledger_admin,
                sentinel_admin, kip_admin, compliance_admin, treasury_admin,
                crypto_admin
Multi-Sig:      2-of-4 Signatory Quorum
Authorized Signers:
  1. General Benjii
  2. BW Maiden
  3. settlement.executor@korenet.vip
  4. vector-zulu-admin@korenet.cloud

4-Signatory Quorum (Sentinel Tier-A override):
  Maiden / Governor / Kore Society DAO / General Benjii

ENVIRONMENT VARIABLES
---------------------
export VECTOR_ZULU_TENANT="vector-zulu"
export VECTOR_ZULU_SUBDOMAIN="vector.korenet.cloud"
export VECTOR_ZULU_RAILS_URL="https://vector.korenet.cloud"
export VECTOR_ZULU_API_URL="https://api.korenet.cloud"
export VECTOR_ZULU_VAULT_URL="https://vault.korenet.cloud/v1"
export VECTOR_ZULU_OAUTH_URL="https://auth.korenet.cloud"
export VECTOR_ZULU_CLIENT_ID="vz_6cd7b8d0c8a74feee1c64e3774d3f664"
export VECTOR_ZULU_CLIENT_SECRET="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export VECTOR_ZULU_JWT="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export VECTOR_ZULU_JWT_SECRET="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export VECTOR_ZULU_CERT="certificates/vector-zulu-client.crt"
export VECTOR_ZULU_KEY="certificates/vector-zulu-client.key"
export VECTOR_ZULU_PFX="certificates/vector-zulu-client.pfx"
export VECTOR_ZULU_PFX_PASS="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export VECTOR_ZULU_CA="certificates/korenet-issuing-ca.crt"

QUICK TEST COMMANDS
-------------------
# 1. Authenticate via OAuth2 client_credentials (issues a fresh access_token)
curl -X POST "$VECTOR_ZULU_OAUTH_URL/oauth2/token" \
     --cert "$VECTOR_ZULU_CERT" --key "$VECTOR_ZULU_KEY" \
     --cacert "$VECTOR_ZULU_CA" \
     -u "$VECTOR_ZULU_CLIENT_ID:$VECTOR_ZULU_CLIENT_SECRET" \
     -d "grant_type=client_credentials&scope=rails:read rails:write vault:admin admin:full"

# 2. Call the tenant rails endpoint (mTLS + Bearer JWT)
curl --cert "$VECTOR_ZULU_CERT" --key "$VECTOR_ZULU_KEY" --cacert "$VECTOR_ZULU_CA" \
     -H "Authorization: Bearer $VECTOR_ZULU_JWT" \
     "$VECTOR_ZULU_RAILS_URL/api/v1/health"

# 3. List vaults
curl --cert "$VECTOR_ZULU_CERT" --key "$VECTOR_ZULU_KEY" --cacert "$VECTOR_ZULU_CA" \
     -H "Authorization: Bearer $VECTOR_ZULU_JWT" \
     "$VECTOR_ZULU_VAULT_URL/vaults?tenant=vector-zulu"

# 4. Windows/.NET (PFX)
curl --cert-type P12 --cert "$VECTOR_ZULU_PFX:$VECTOR_ZULU_PFX_PASS" \
     -H "Authorization: Bearer $VECTOR_ZULU_JWT" \
     "$VECTOR_ZULU_RAILS_URL/api/v1/health"

SUPPORT
-------
Onboarding:       onboarding@korenet.cloud
Technical:        dev-support@korenet.cloud
Security / abuse: security@korenet.cloud
Emergency:        emergency@korenet.cloud

SECURITY NOTES
--------------
- Rotate client_secret and JWT signing secret before April 30, 2027.
- Never commit this file to version control.
- mTLS is MANDATORY — bearer tokens alone are rejected by the rails endpoint.
- All vault operations require LICK signing.
- Sentinel Tier-A: any anomaly triggers full tenant freeze pending 4-Signatory Quorum clearance.
- KoreChain anchoring is enabled for all vault transactions.

================================================================================
END OF CREDENTIALS FILE
