Pieter
d95862f522
security: Rotate exposed Authentik API token
GitGuardian detected hardcoded secret in test-oidc-provider.py.
Actions taken:
1. ✅ Deleted test-oidc-provider.py (previous commit)
2. ✅ Rotated authentik_bootstrap_token in secrets file
3. ✅ Added test scripts to .gitignore to prevent future exposure
Old token (COMPROMISED): ak_0Xj3OmKT0rx5E_TDKjuvXAl2Ry8IfxlSDKPSRq7fH71uPX3M04d-Xg
New token: Encrypted in SOPS secrets file
Impact: Test environment only (test.vrije.cloud)
Next step: Redeploy test server to activate new token
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-09 08:32:45 +01:00
Pieter
6bc8e508c6
Complete SOPS secrets management setup (#5)
Completed Issue #5: SOPS Secrets Management
All objectives met:
- ✅ Age encryption key generated (keys/age-key.txt)
- ✅ SOPS configured with Age backend (.sops.yaml)
- ✅ Secrets directory structure created
- ✅ Example encrypted secrets (shared + test client)
- ✅ Comprehensive documentation for key backup
- ✅ Ready for Ansible integration
Security measures:
- Age private key gitignored (keys/age-key.txt)
- Only encrypted .sops.yaml files committed
- Plaintext secrets explicitly excluded
- Key backup procedures documented
Files added:
- .sops.yaml - SOPS configuration with Age public key
- secrets/shared.sops.yaml - Shared secrets (encrypted)
- secrets/clients/test.sops.yaml - Test client secrets (encrypted)
- secrets/README.md - Complete SOPS usage guide
- keys/README.md - Key backup procedures
- keys/.gitignore - Protects private keys
Updated:
- .gitignore - Allow .sops.yaml, block plaintext
Tested:
- Encryption: ✅ Files encrypted successfully
- Decryption: ✅ Secrets decrypt correctly
- Git safety: ✅ Private key excluded from commits
Next: Ready for Zitadel/Nextcloud deployment with secure credentials
Closes #5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 14:23:36 +01:00
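The two commits above describe the same guard from both sides: a hardcoded Authentik token that a scanner caught after it was committed, and a SOPS/Age layout meant to ensure only encrypted secrets files reach git. The script below is an added example of a local pre-commit style check for exactly those two failure modes; it is not code from this repository. It assumes the "ak_" token prefix shown in the rotation commit, the AGE-SECRET-KEY-1 prefix used by Age identity files, and the SOPS convention that every encrypted leaf value starts with "ENC[" and that a top-level "sops:" metadata block is present. All sample file contents are constructed inline.

```python
"""Local guard: flag plaintext secrets and unencrypted *.sops.yaml files.

Added example (not part of the repository). The checks are heuristics that
operate on file text; they do not replace GitGuardian-style scanning or
`sops --decrypt` verification, they just fail fast before a commit is made.
"""
import re

# Patterns assumed from the commits above: Authentik API tokens are shown with
# an "ak_" prefix followed by a long URL-safe string; Age identity files carry
# an "AGE-SECRET-KEY-1" prefix (exact lengths are not asserted here).
TOKEN_PATTERNS = {
    "authentik_api_token": re.compile(r"\bak_[A-Za-z0-9_-]{40,}\b"),
    "age_private_key": re.compile(r"\bAGE-SECRET-KEY-1[A-Z0-9]{40,}\b"),
}

# Constructed sample inputs (placeholders, not real credentials).
PLAIN_SCRIPT = 'import requests\nAUTHENTIK_TOKEN = "ak_' + "A" * 52 + '"\n'
ENCRYPTED_SOPS = (
    "authentik_bootstrap_token: ENC[AES256_GCM,data:QUJD,iv:SVY=,tag:VEFH,type:str]\n"
    "sops:\n"
    "    age:\n"
    "        - recipient: age1examplepublickeyplaceholder\n"
    "          enc: age-armored-placeholder\n"
    '    lastmodified: "2025-12-27T13:23:36Z"\n'
    "    mac: ENC[AES256_GCM,data:TUFD,type:str]\n"
    "    version: 3.9.0\n"
)
PLAINTEXT_SOPS = 'authentik_bootstrap_token: "ak_' + "B" * 52 + '"\n'

KEY_VALUE = re.compile(r"^\s*-?\s*([^:#][^:]*):\s*(.*)$")


def find_secrets(text):
    """Return (pattern_name, line_number) for every token-shaped match."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in TOKEN_PATTERNS.items():
            if pattern.search(line):
                hits.append((name, lineno))
    return hits


def is_sops_encrypted(text):
    """Heuristic: a 'sops:' block exists and every other scalar is ENC[...]."""
    saw_sops = False
    in_sops = False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line.startswith("sops:"):
            saw_sops, in_sops = True, True
            continue
        if in_sops and not line.startswith((" ", "\t")):
            in_sops = False  # back at top level after the metadata block
        if in_sops:
            continue  # metadata (recipients, mac, version) is not secret data
        match = KEY_VALUE.match(line)
        if not match:
            continue
        value = match.group(2).strip()
        if value and not value.startswith("ENC["):
            return False
    return saw_sops


def scan_files(files):
    """files: {path: text}. Returns (path, reason) findings; empty means clean."""
    findings = []
    for path, text in files.items():
        basename = path.rsplit("/", 1)[-1]
        # The repo-root .sops.yaml is the SOPS config (public key only), so the
        # encryption check applies to secrets/*.sops.yaml files, not to it.
        if basename.endswith(".sops.yaml") and basename != ".sops.yaml":
            if not is_sops_encrypted(text):
                findings.append((path, "secrets file is not SOPS-encrypted"))
        for name, lineno in find_secrets(text):
            findings.append((path, f"{name} on line {lineno}"))
    return findings


if __name__ == "__main__":
    sample = {
        "test-oidc-provider.py": PLAIN_SCRIPT,
        "secrets/clients/test.sops.yaml": ENCRYPTED_SOPS,
        "secrets/bad.sops.yaml": PLAINTEXT_SOPS,
    }
    for path, reason in scan_files(sample):
        print(f"BLOCK {path}: {reason}")
```

Wired into a pre-commit hook, the script would read staged file contents instead of the constructed samples; the point is that both the plaintext token in a throwaway test script and a secrets file that was saved before `sops` encrypted it are caught on the developer's machine rather than by a scanner after the push.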
Pieter
3848510e1b
Initial project structure with agent definitions and ADR
- Add AI agent definitions (Architect, Infrastructure, Zitadel, Nextcloud)
- Add Architecture Decision Record with complete design rationale
- Add .gitignore to protect secrets and sensitive files
- Add README with quick start guide
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-24 12:12:17 +01:00