feat: add agent integration guide and get-secret/render-env tools

2026-04-13 15:59:43 +08:00
parent 9a783713cd
commit b7e21618ae
3 changed files with 183 additions and 0 deletions
--- a/scripts/get-secret.sh
+++ b/scripts/get-secret.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
+VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/continuous-ai-workflow-spec/vault-pass.txt}"
+
+usage() {
+  cat <<EOF
+用法: $(basename "$0") <key>
+
+範例:
+  $(basename "$0") gitea.api_token
+  $(basename "$0") openclaw_alice.http_nodes.gitea.password
+
+讀取 vault 中的單一 key。
+EOF
+}
+
+KEY="${1:-}"
+[ -n "$KEY" ] || { usage; exit 1; }
+
+TMP_DEC=$(mktemp)
+chmod 600 "$TMP_DEC"
+ansible-vault decrypt "$VAULT_FILE" --vault-password-file "$VAULT_PASS_FILE" --output "$TMP_DEC" 2>/dev/null
+
+python3 - <<PY
+import yaml
+from pathlib import Path
+
+data = yaml.safe_load(Path('$TMP_DEC').read_text())
+parts = '$KEY'.split('.')
+val = data
+for p in parts:
+    val = val.get(p, '')
+print(val if val else '')
+PY
+
+rm -f "$TMP_DEC"