d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
e4a19db0ae96721b9ed70ff8dee304bb35bc6389
proxmox/docs/04-configuration/SECRETS_QUICK_REFERENCE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

4.6 KiB
Raw Blame History

Secrets Quick Reference

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Date: 2025-01-27
Purpose: Quick lookup for all secrets and their locations

🔴 CRITICAL SECRETS (Immediate HSM Migration)

Private Keys

PRIVATE_KEY (Deployer)
  Locations:
    - smom-dbis-138/.env
    - no_five/.env
    - loc_az_hci/smom-dbis-138/.env
    - proxmox/smom-dbis-138/services/*/.env
    - docs/06-besu/T1_2_CREDENTIALS_VERIFIED.md
  Value: 0x5373d11ee2cad4ed82b9208526a8c358839cbfe325919fb250f062a25153d1c8
  Address: 0x4A666F96fC8764181194447A7dFdb7d471b301C8

PRIVATE_KEY (237-combo)
  Location: 237-combo/.env
  Value: 5e72443d6f357af402859433b115f5b7394786b2624a7cd7e670256a2467bd14

Cloudflare API Tokens

CLOUDFLARE_API_TOKEN
  Locations:
    - loc_az_hci/smom-dbis-138/.env: CWNCvhFa0EgXsazoUrJyv1CS-ORoiMmgvM0zm47N
    - scripts/fix-certbot-dns-propagation.sh: JSEO_sruWB6lf1id77gtI7HOLVdhkhaR2goPEJIk

CLOUDFLARE_API_KEY
  Locations:
    - proxmox/.env: 65d8f07ebb3f0454fdc4e854b6ada13fba0f0
    - loc_az_hci/.env: x2Kgfb7OI8OEu7SUeUSyLIgVFmvXFd6zV_5ZwGcW

CLOUDFLARE_TUNNEL_TOKEN
  Locations:
    - proxmox/.env: sRwHkwQO5HfD6aK0ZzdV8XHsAyG_DLe_KCjv2bRP
    - scripts/install-shared-tunnel-token.sh: eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9

CLOUDFLARE_ORIGIN_CA_KEY
  Location: proxmox/.env
  Value: v1.0-e7109fbbe03bfeb201570275-231a7ddf5c59799f68b0a0a73a3e17d72177325bb60e4b2c295896f9fe9c296dc32a5881a7d23859934d508b4f41f1d86408e103012b44b0b057bb857b0168554be4dc215923c043bd

NPM Passwords

NPM_PASSWORD
  Locations:
    - proxmox/.env: L@ker$2010
    - scripts/create-npmplus-proxy.sh: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72
    - scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72

NPM_EMAIL
  Locations:
    - proxmox/.env: nsatoshi2007@hotmail.com
    - scripts: admin@example.org

⚠️ HIGH PRIORITY SECRETS

Database Credentials

DATABASE_URL
  Location: dbis_core/.env
  Format: postgresql://user:password@host:port/database

UniFi/Omada

UNIFI_API_KEY
  Location: docs/04-configuration/UDM_PRO_API_LIMITATIONS.md
  Value: _6WXEiH2tMDkrO3jKc54SKa53fHZE-Wg

UNIFI_PASSWORD
  Location: Multiple docs
  Value: L@kers2010$$

📋 ALL SECRET LOCATIONS

.env Files with Secrets

./proxmox/.env
./proxmox/smom-dbis-138/.env
./proxmox/smom-dbis-138/services/relay/.env
./proxmox/smom-dbis-138/services/state-anchoring-service/.env
./proxmox/smom-dbis-138/services/transaction-mirroring-service/.env
./loc_az_hci/.env
./loc_az_hci/smom-dbis-138/.env
./smom-dbis-138/.env
./no_five/.env
./237-combo/.env
./dbis_core/.env

Scripts with Hardcoded Secrets

./proxmox/scripts/install-shared-tunnel-token.sh
./proxmox/scripts/fix-certbot-dns-propagation.sh
./proxmox/scripts/obtain-all-ssl-certificates.sh
./proxmox/scripts/configure-all-cloudflare-dns.sh
./proxmox/scripts/test-cloudflare-permissions.sh
./proxmox/smom-dbis-138/frontend-dapp/create-npmplus-proxy.sh
./proxmox/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
./proxmox/scripts/nginx-proxy-manager/delete-sankofa-proxy-hosts.sh

Documentation with Secrets

./proxmox/docs/06-besu/T1_2_CREDENTIALS_VERIFIED.md
./proxmox/docs/06-besu/T1_2_CREDENTIALS_STATUS.md
./proxmox/docs/04-configuration/UDM_PRO_API_LIMITATIONS.md
./proxmox/docs/04-configuration/NGINX_PROXY_MANAGER_COMPLETE_SETUP.md

🔐 HSM VAULT PATHS (Proposed)

secret/blockchain/private-keys/deployer
secret/blockchain/private-keys/237-combo
secret/cloudflare/api-tokens/main
secret/cloudflare/api-tokens/certbot
secret/cloudflare/tunnel-tokens/shared
secret/cloudflare/origin-ca/main
secret/infrastructure/npm/password
secret/infrastructure/npm/email
secret/infrastructure/unifi/api-key
secret/infrastructure/unifi/password
secret/databases/postgres/main
secret/services/jwt/main

QUICK ACTIONS

Verify .gitignore

grep -r "\.env" .gitignore
grep -r "\.env\.backup" .gitignore

Find All .env Files

find . -name ".env" ! -name "*.example" ! -path "*/node_modules/*"

Find Hardcoded Secrets in Scripts

grep -rE "(PASSWORD|SECRET|API_KEY|TOKEN|PRIVATE_KEY)\s*=" --include="*.sh" --include="*.js" --include="*.ts"

Check for Secrets in Git History

git log --all --full-history --source -- "*/.env"

See MASTER_SECRETS_INVENTORY.md for complete details.

Reference in New Issue View Git Blame Copy Permalink