Initial setup
Single-server control plane
Bootstrap Aegis with a resident passkey.
Create the first owner account, register the local sign-in credential, then store the generated TOTP seed and one-time recovery kit before opening the shell.
Server posture
Sealed
Initialized: true
Operators present
1
Bootstrap stays available until the first operator is created.
Passkey-first access
Enroll a resident passkey before any password fallback is involved, so the first login posture starts hardware-backed.
One-time recovery disclosure
The TOTP seed and recovery kit are displayed once after registration. Store them offline before continuing.
Audit chain begins here
The bootstrap operator becomes the attribution root for subsequent privileged actions across the panel.
Owner enrollment
Create the first operator
This is the initial bootstrap path. Once the owner is registered, sign-in moves to passkey, TOTP, and recovery-code flows.
This server is already initialized.
Sign in with an existing operator account instead of creating another bootstrap owner.