75 lines
2.9 KiB
Markdown
75 lines
2.9 KiB
Markdown
# Secrets Index
|
|
|
|
> Last updated: 2026-06-15
|
|
> This file maps services to WHERE credentials are stored — not the credentials themselves.
|
|
> Actual secrets live in Vaultwarden (vault.spendlik.sk).
|
|
|
|
---
|
|
|
|
## 🔑 API Keys & Tokens
|
|
|
|
| Service | Key Name | Stored In | Notes |
|
|
|---|---|---|---|
|
|
| Anthropic Claude API | `ANTHROPIC_API_KEY` | Vaultwarden | Used by n8n for content generation |
|
|
| Brickset API | `BRICKSET_API_KEY` | Vaultwarden | For kocka-novinky.sk automation |
|
|
| WebSupport API | `API_KEY` + `API_SECRET` | CT 108 `/usr/local/bin/ddns-update.sh` | HMAC-SHA1 auth, service ID `15056760` |
|
|
| Gitea token (MCP) | `GITEA_TOKEN` | CT 112 `/opt/mcp-server/.env` | Read/write access to all repos |
|
|
| Proxmox API token | `PROXMOX_TOKEN_SECRET` | CT 112 `/opt/mcp-server/.env` | `mcp@pam!mcp-token`, read-only |
|
|
| WordPress App Password (kocka-novinky.sk) | `n8n` application password | Vaultwarden | User: Spendlik, for REST API |
|
|
| Google Drive (rclone) | OAuth token | `~/.config/rclone/rclone.conf` on CachyOS | Auto-refreshes |
|
|
|
|
---
|
|
|
|
## 🌐 Service Credentials
|
|
|
|
| Service | Username | Password Location | Notes |
|
|
|---|---|---|---|
|
|
| Proxmox web UI | `root` | Vaultwarden | `192.168.1.48:8006` |
|
|
| Gitea | `spendlik` | Vaultwarden | `git.spendlik.sk` |
|
|
| n8n | — | Vaultwarden | `automation.spendlik.sk` (Authelia protected) |
|
|
| Paperless-ngx | admin | Vaultwarden | `paperless.spendlik.sk` |
|
|
| Vaultwarden | spendlik@gmail.com | Master password (memorised) | `vault.spendlik.sk` |
|
|
| Authelia | spendlik | Vaultwarden | `auth.spendlik.sk` |
|
|
| WordPress (kocka-novinky.sk) | Spendlik | Vaultwarden | Admin panel |
|
|
| WebSupport | — | Vaultwarden | DNS + hosting management |
|
|
| NAS (Synology) | — | Vaultwarden | `192.168.1.12` |
|
|
|
|
---
|
|
|
|
## 🗄️ Database Credentials
|
|
|
|
| Service | DB | User | Password Location |
|
|
|---|---|---|---|
|
|
| Paperless-ngx | PostgreSQL 16 | `paperless` | CT 111 `/opt/paperless/docker-compose.yml` env |
|
|
| Vaultwarden | SQLite | — | `/opt/vaultwarden/data/db.sqlite3` in CT 115 |
|
|
| kocka-novinky.sk WordPress | MySQL/MariaDB | — | WebSupport hosting panel + wp-config.php |
|
|
|
|
---
|
|
|
|
## 🌍 WebSupport DNS Record IDs
|
|
|
|
> Full table also in `00_index.md`. Script: CT 108 `/usr/local/bin/ddns-update.sh`
|
|
|
|
| Subdomain | Record ID |
|
|
|---|---|
|
|
| spendlik.sk | 12631197 |
|
|
| *.spendlik.sk | 12631200 |
|
|
| automation.spendlik.sk | 306256338 |
|
|
| matrix.spendlik.sk | 307776273 |
|
|
| email.spendlik.sk | 308845857 |
|
|
| auth.spendlik.sk | 308994393 |
|
|
| books.spendlik.sk | 311013228 |
|
|
| jellyfin.spendlik.sk | 311384664 |
|
|
| git.spendlik.sk | 323271195 |
|
|
| mcp.spendlik.sk | 327475181 |
|
|
| paperless.spendlik.sk | 328109687 |
|
|
| vault.spendlik.sk | 330343277 |
|
|
|
|
---
|
|
|
|
## 📝 Notes
|
|
|
|
- Never store actual secrets in this file or any Gitea file
|
|
- When a credential is rotated, update Vaultwarden and this index (location reference only)
|
|
- CT 112 `.env` file is the only place with live secrets outside Vaultwarden — keep it minimal
|