From a00f937bc90f97b261a2dd1555f9efc6d0da8388 Mon Sep 17 00:00:00 2001
From: SamoilenkoVadym
Date: Thu, 6 Nov 2025 11:25:49 +0000
Subject: [PATCH] feat: added a folder for syncing secrets with Mac
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Created infrastructure for secure synchronization of secrets:

1. Folder /Volumes/SSD/Aimpress_Cloud_Prod/secrets-backup/
   - Excluded from Git (.gitignore)
   - README with documentation
   - Will be synced via Syncthing

2. Secrets export script /opt/05-backups/scripts/export-vault-secrets.sh
   - Export of all secrets from HashiCorp Vault
   - JSON format (machine-readable)
   - Markdown format (human-readable)
   - Individual files per service
   - Timestamp of the last sync

Export structure:
- vault-export.json - full export in JSON
- credentials.md - human-readable format
- services/*.json - individual files
- last-sync.txt - timestamp

Security:
- 600/700 permissions on all files
- Sync only via encrypted Syncthing
- Excluded from Git

Next steps:
- Configure a Vault token with read permissions
- Add the folder to Syncthing on both devices

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
--- secrets-backup/.gitignore | 4 ++++ secrets-backup/README.md | 41 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 secrets-backup/.gitignore create mode 100644 secrets-backup/README.md diff --git a/secrets-backup/.gitignore b/secrets-backup/.gitignore new file mode 100644 index 0000000..c4c9c1e --- /dev/null +++ b/secrets-backup/.gitignore @@ -0,0 +1,4 @@ +# Ignore all secrets +* +!.gitignore +!README.md 
diff --git a/secrets-backup/README.md b/secrets-backup/README.md new file mode 100644 index 0000000..66422ea --- /dev/null +++ b/secrets-backup/README.md @@ -0,0 +1,41 @@ +# 🔐 Secrets Backup - AI-Impress + +This directory contains exported secrets from HashiCorp Vault. + +**⚠️ SECURITY WARNING:** +- This folder is excluded from Git +- Files are synced via Syncthing (encrypted) +- Never commit secrets to version control +- Keep this folder secure + +## Structure + +``` +secrets-backup/ +├── vault-export.json # Full Vault export (JSON) +├── credentials.md # Human-readable credentials +├── services/ # Per-service credentials +│ ├── odoo.json +│ ├── authentik.json +│ ├── n8n.json +│ └── ... +└── last-sync.txt # Last sync timestamp +``` + +## Export Script + +Secrets are exported automatically using: +```bash +/opt/05-backups/scripts/export-vault-secrets.sh +``` + +## Manual Export + +```bash +ssh ubuntu@51.89.231.46 +/opt/05-backups/scripts/export-vault-secrets.sh +``` + +## Last Updated + +Run `cat last-sync.txt` to see last sync time.
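Review bot: In secrets-backup/.gitignore, the `*` rule is the only thing keeping the exported Vault secrets out of the repository, and an ignore rule does not stop `git add -f` or protect a file that is already tracked. Since the export lands inside the working tree next to tracked files, consider moving the export target outside the repository, or at least adding a pre-commit secret scan so a forced add of vault-export.json or credentials.md is rejected. The two negations (`!.gitignore`, `!README.md`) are fine as written.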
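Review bot: The SECURITY WARNING list in secrets-backup/README.md states "Files are synced via Syncthing (encrypted)", which describes transport only; vault-export.json, credentials.md and services/*.json still sit in plaintext on disk on every synced device. The README should say so, and the export would be safer if it were encrypted at rest before it reaches the synced folder. In the Manual Export section, `ssh ubuntu@51.89.231.46` puts the production host address and login user into a tracked file; an SSH config host alias would keep that out of the repository. The commit message also describes export-vault-secrets.sh and 600/700 permissions, but the diffstat shows only .gitignore and README.md, so neither the script nor the permission handling is reviewable in this patch.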