From c72e1fff66373abaae39e047ef086a36a2b583fe Mon Sep 17 00:00:00 2001 From: Spendlik Date: Mon, 15 Jun 2026 18:10:13 +0000 Subject: [PATCH] =?UTF-8?q?Add=20secrets-index.md=20=E2=80=94=20map=20of?= =?UTF-8?q?=20service=20credentials=20and=20where=20they=20are=20stored?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- secrets-index.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 secrets-index.md diff --git a/secrets-index.md b/secrets-index.md new file mode 100644 index 0000000..7293b8c --- /dev/null +++ b/secrets-index.md 
@@ -0,0 +1,74 @@ +# Secrets Index + +> Last updated: 2026-06-15 +> This file maps services to WHERE credentials are stored — not the credentials themselves. +> Actual secrets live in Vaultwarden (vault.spendlik.sk). + +--- + +## 🔑 API Keys & Tokens + +| Service | Key Name | Stored In | Notes | +|---|---|---|---| +| Anthropic Claude API | `ANTHROPIC_API_KEY` | Vaultwarden | Used by n8n for content generation | +| Brickset API | `BRICKSET_API_KEY` | Vaultwarden | For kocka-novinky.sk automation | +| WebSupport API | `API_KEY` + `API_SECRET` | CT 108 `/usr/local/bin/ddns-update.sh` | HMAC-SHA1 auth, service ID `15056760` | +| Gitea token (MCP) | `GITEA_TOKEN` | CT 112 `/opt/mcp-server/.env` | Read/write access to all repos | +| Proxmox API token | `PROXMOX_TOKEN_SECRET` | CT 112 `/opt/mcp-server/.env` | `mcp@pam!mcp-token`, read-only | +| WordPress App Password (kocka-novinky.sk) | `n8n` application password | Vaultwarden | User: Spendlik, for REST API | +| Google Drive (rclone) | OAuth token | `~/.config/rclone/rclone.conf` on CachyOS | Auto-refreshes | + +--- + +## 🌐 Service Credentials + +| Service | Username | Password Location | Notes | +|---|---|---|---| +| Proxmox web UI | `root` | Vaultwarden | `192.168.1.48:8006` | +| Gitea | `spendlik` | Vaultwarden | `git.spendlik.sk` | +| n8n | — | Vaultwarden | `automation.spendlik.sk` (Authelia protected) | +| Paperless-ngx | admin | Vaultwarden | `paperless.spendlik.sk` | +| Vaultwarden | spendlik@gmail.com | Master password (memorised) | `vault.spendlik.sk` | +| Authelia | spendlik | Vaultwarden | `auth.spendlik.sk` | +| WordPress (kocka-novinky.sk) | Spendlik | Vaultwarden | Admin panel | +| WebSupport | — | Vaultwarden | DNS + hosting management | +| NAS (Synology) | — | Vaultwarden | `192.168.1.12` | + +--- + +## 🗄️ Database Credentials + +| Service | DB | User | Password Location | +|---|---|---|---| +| Paperless-ngx | PostgreSQL 16 | `paperless` | CT 111 `/opt/paperless/docker-compose.yml` env | +| Vaultwarden | 
SQLite | — | `/opt/vaultwarden/data/db.sqlite3` in CT 115 | +| kocka-novinky.sk WordPress | MySQL/MariaDB | — | WebSupport hosting panel + wp-config.php | + +--- + +## 🌍 WebSupport DNS Record IDs + +> Full table also in `00_index.md`. Script: CT 108 `/usr/local/bin/ddns-update.sh` + +| Subdomain | Record ID | +|---|---| +| spendlik.sk | 12631197 | +| *.spendlik.sk | 12631200 | +| automation.spendlik.sk | 306256338 | +| matrix.spendlik.sk | 307776273 | +| email.spendlik.sk | 308845857 | +| auth.spendlik.sk | 308994393 | +| books.spendlik.sk | 311013228 | +| jellyfin.spendlik.sk | 311384664 | +| git.spendlik.sk | 323271195 | +| mcp.spendlik.sk | 327475181 | +| paperless.spendlik.sk | 328109687 | +| vault.spendlik.sk | 330343277 | + +--- + +## 📝 Notes + +- Never store actual secrets in this file or any Gitea file +- When a credential is rotated, update Vaultwarden and this index (location reference only) +- CT 112 `.env` file is the only place with live secrets outside Vaultwarden — keep it minimal
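Review bot: The last bullet under "Notes" states that the CT 112 `.env` file is the only place with live secrets outside Vaultwarden, but the tables added in this same file list several others: the WebSupport `API_KEY` + `API_SECRET` in CT 108 `/usr/local/bin/ddns-update.sh`, the Paperless-ngx database password in CT 111 `/opt/paperless/docker-compose.yml`, the rclone OAuth token in `~/.config/rclone/rclone.conf`, and the WordPress database credentials in wp-config.php. Either reword the bullet so it names every on-disk location the tables reference, or move the hard-coded values out of the script and compose file into restricted-permission env files and update the "Stored In" rows to match, so the index and its own policy statement agree. Separately, the `GITEA_TOKEN` row is noted as read/write on all repos while the Proxmox token in the same `.env` is read-only; it is worth documenting why the wider scope is needed or narrowing it to the repos the MCP server actually uses.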