hermes/agent-secret-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hermes:c5d4c3c806aeb166648aba0d10e8055e14f73087
Branches Tags
hermes:main
..
compare: hermes:main
Branches Tags
hermes:main

20 Commits
c5d4c3c806 ... main

Author SHA1 Message Date
hermes
2955c97eea Sync vault from vault.yml.text 2026-05-22 16:36:44 +08:00
hermes
209420f60d Clarify zip password file diagnostics 2026-05-15 08:22:17 +08:00
hermes
0730eb1d01 Handle binary zip password files in installer 2026-05-15 08:18:07 +08:00
hermes
97d0e3960e Document installer env variables 2026-05-14 21:03:48 +08:00
hermes
73bdbd7a20 Clarify env-first install docs 2026-05-14 20:31:58 +08:00
hermes
7fa14229a3 Add installer env preflight 2026-05-14 20:26:20 +08:00
hermes
525161dd0c Add installer env configuration 2026-05-14 17:29:29 +08:00
hermes
1cd0bfb9f2 Add non-interactive vault pass install modes 2026-05-14 15:45:16 +08:00
hermes
ea1bb0979f Improve vault password installer options 2026-05-14 15:15:10 +08:00
hermes
3a67b253d8 Document agent secret vault installation 2026-05-14 15:03:29 +08:00
hermes
c74aef7b7d Rename HQS MSSQL secret to HQS016 2026-04-27 17:36:28 +08:00
hermes
c96299c204 Update HQS014 MSSQL server IP 2026-04-27 17:34:19 +08:00
hermes
ff75cced31 Add HQS014 MSSQL observer secret 2026-04-27 17:20:20 +08:00
hermes
a7729fac4e Add HQS virtualization infrastructure secrets 2026-04-27 12:22:00 +08:00
hermes
b60841014c Add WordPress application password 2026-04-27 09:30:38 +08:00
hermes
7478747b70 Add WordPress cowbay credentials 2026-04-27 09:23:02 +08:00
hermes
24b1982e1e Add i.excen.one image host token 2026-04-27 08:55:32 +08:00
hermes
75dd33ef06 Add i.excen.one image host credentials 2026-04-27 08:54:05 +08:00
hermes
60ea4485aa Add Multica self-host PAT/url/workspace_id 2026-04-26 13:49:14 +08:00
hermes
79b88a7c9d Update Alice Gitea credentials and SSH key 2026-04-23 11:32:46 +08:00
16 changed files with 1787 additions and 218 deletions
Expand all files Collapse all files

9
.gitignore vendored
View File

@@ -7,3 +7,12 @@ __pycache__/
.DS_Store
.vault_pass.txt
secrets/plaintext/
# Local plaintext vault password must never be committed
vault-pass.txt
secrets/vault-pass.txt
# Placeholder marker generated when password archive is absent
secrets/vault-pass.txt.zip.PLACEHOLDER
# Local installer env overrides with real secrets
install.local.env
*.secret.env

108
README.md
View File

@@ -1,19 +1,99 @@
# Agent Secret Vault
這個 repo 專門存放本地 AI agent 開發會用到的機密管理機制
repo 專門管理本地 AI agent / worker 需要的機密資料
核心設計
- 使用 `ansible-vault` 作為加密格式
- 加密檔可進 git
- vault password file 只放在本機
- 多個 agent 透過統一腳本存取 secrets
## 核心設計
## 內容
- `scripts/vault.sh`初始化、檢視、編輯、加密、解密、rekey
- `docs/secret-vault.md`:使用說明與設計原則
- `secrets/vault.yml`:加密後 secrets 檔
- 使用 `ansible-vault` 加密 `secrets/vault.yml`
- 加密後的 `secrets/vault.yml` 可以進 git
- vault password file 放在本機:`~/.config/vault-pass.txt`
- 新機器可透過 repo 內的密碼保護壓縮檔 `secrets/vault-pass.txt.zip` 安裝 password file
- 多個 agent 透過統一腳本讀取 secrets不各自發明 credential 管理方式
## 目標
- 讓 Hermes / OpenClaw / cron worker / 其他本地 agent 共用同一套 secret storage contract
- 不把明文 secret 留在 repo
- 不讓每個 agent 各自發明一套 credential 管理方式
## 主要文件
- 人類使用指南:[`docs/human-guide.md`](docs/human-guide.md)
- Agent 安裝 Runbook[`docs/agent-install-runbook.md`](docs/agent-install-runbook.md)
- Agent 整合補充:[`docs/agent-integration.md`](docs/agent-integration.md)
- Vault 基礎說明:[`docs/secret-vault.md`](docs/secret-vault.md)
## 安裝設定檔
Repo 內提供:
- `install.env.example`:給人類/agent 複製參考
- `install.env`:空值 placeholder安裝前先填入 vault-pass 來源設定
常用變數說明:
| 變數 | 用途 | 範例 |
|---|---|---|
| `VAULT_PASS_FILE` | 最後要產生/使用的 vault password file 路徑 | `$HOME/.config/vault-pass.txt` |
| `INSTALL_VAULT_PASS_METHOD` | 指定安裝方式;可填 `create``manual``url``archive` | `url` |
| `VAULT_PASS_URL` | 當 method=`url` 時,從這個 URL 下載 `vault-pass.txt` | `https://example.com/one-time/vault-pass.txt` |
| `VAULT_PASS_ZIP_PASSWORD_FILE` | 當 method=`archive` 時,讀取 zip 密碼的本機檔案路徑;比直接寫密碼安全 | `/secure/path/zip-password.txt` |
| `VAULT_PASS_ZIP_PASSWORD` | 當 method=`archive` 時,直接提供 zip 密碼;只適合安全 shell不建議寫進可提交檔案 | `...` |
| `VAULT_PASS_CONTENT` | 當 method=`manual` 時,直接提供 `vault-pass.txt` 內容;高風險,只適合受控環境 | `...` |
| `VAULT_PASS_ARCHIVE` | 覆寫密碼保護 zip 的路徑;預設是 `secrets/vault-pass.txt.zip` | `/path/to/vault-pass.txt.zip` |
安裝方式含義:
- `create`:產生新的 vault password只適合全新 vault既有 vault 無法解密時不會自動覆蓋。
- `manual`:由人類輸入或用 `VAULT_PASS_CONTENT` 提供 vault password 內容。
- `url`:從 `VAULT_PASS_URL` 下載 `vault-pass.txt`;適合一次性 URL / 內網安全下載。
- `archive`:從密碼保護 zip 解出 `vault-pass.txt`;密碼可放在 `VAULT_PASS_ZIP_PASSWORD_FILE``VAULT_PASS_ZIP_PASSWORD`
`install.env` 不應填入真實 secrets 後再 commit若要保存本機私密設定使用 `install.local.env` 並透過 `INSTALL_ENV_FILE=install.local.env` 指定。
## 安裝流程(先設定 env
安裝前請先設定 `install.env`,再檢查 env 是否足夠,最後才正式安裝:
```bash
cp -n install.env.example install.env
editor install.env
./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
`install.env` 範例:
```bash
# 例:用一次性 URL 安裝 vault-pass.txt
INSTALL_VAULT_PASS_METHOD="url"
VAULT_PASS_URL="https://example.com/one-time/vault-pass.txt"
```
## 全自動 agent 安裝
Agent / CI 也應優先設定 `install.env``INSTALL_ENV_FILE`,不要直接進互動選單:
```bash
INSTALL_ENV_FILE=install.local.env ./scripts/install-vault-pass.sh --check-env
INSTALL_ENV_FILE=install.local.env ./scripts/install-vault-pass.sh
```
## 常用指令
```bash
# 安裝 vault password file會要求輸入壓縮檔密碼
./scripts/install-vault-pass.sh
# 維護者建立密碼保護壓縮檔
./scripts/create-vault-pass-archive.sh
# 檢視 vault
./scripts/vault.sh view
# 編輯 vault
./scripts/vault.sh edit
# 讀單一 secret
./scripts/get-secret.sh openclaw_alice.http_nodes.gitea.password
```
## 安全原則
- 不要把 `~/.config/vault-pass.txt` commit 到 git
- 不要把解密後完整 YAML 貼到 chat/log
- Agent 回報時只回報 key path、commit hash、驗證方式不回報 secret value

255
docs/agent-install-runbook.md Normal file
View File

@@ -0,0 +1,255 @@
# Agent 安裝 Runbookagent-secret-vault
這份文件給 AI agent / cron worker / automation 使用。目標:把 `agent-secret-vault` 安裝好、缺檔時建立 placeholder、並能安全讀取 secrets。
## 安全規則
- 不要把 secret value、vault password、token、private key 印到 chat / log / 工單 comment。
- 不要 dump 整份解密後的 `secrets/vault.yml`
- 只讀取任務所需的單一欄位。
- 所有暫存解密檔用完立即刪除。
## 目標路徑
- Repo`~/projects/agent-secret-vault`
- Vault 檔:`~/projects/agent-secret-vault/secrets/vault.yml`
- Vault password file`~/.config/vault-pass.txt`
- 可覆寫環境變數:`VAULT_PASS_FILE=/custom/path`
## 1. 安裝系統依賴
```bash
sudo apt update
sudo apt install -y git ansible unzip
```
驗證:
```bash
command -v git
command -v ansible-vault
command -v unzip
```
## 2. Clone repo
```bash
mkdir -p ~/projects
cd ~/projects
if [ ! -d agent-secret-vault/.git ]; then
git clone ssh://git@gitea.cowbay.org:2203/hermes/agent-secret-vault.git
fi
cd agent-secret-vault
```
若 clone 失敗,建立 placeholder 讓後續步驟可明確回報缺什麼:
```bash
mkdir -p ~/projects/agent-secret-vault/{scripts,secrets,docs}
cat > ~/projects/agent-secret-vault/README.PLACEHOLDER.md <<'PLACEHOLDER'
# Placeholder
agent-secret-vault repo 尚未成功 clone。
需要 Gitea SSH 權限ssh://git@gitea.cowbay.org:2203/hermes/agent-secret-vault.git
PLACEHOLDER
```
然後回報人類:需要把此 agent / 機器的 SSH public key 加到 Gitea 或 deploy key。
## 2.5 設定 installer env
Repo 內提供兩個 env 檔:
```text
install.env.example # 範本
install.env # 安裝用 placeholder
```
安裝前必須先設定 `install.env`(或指定 `INSTALL_ENV_FILE`),不要跳過這一步:
```bash
cd ~/projects/agent-secret-vault
cp -n install.env.example install.env
editor install.env
```
常用設定:
```bash
# 一次性 URL 下載 vault-pass.txt
INSTALL_VAULT_PASS_METHOD="url"
VAULT_PASS_URL="https://example.com/one-time/vault-pass.txt"
# 或zip 密碼放在本機安全檔案
INSTALL_VAULT_PASS_METHOD="archive"
VAULT_PASS_ZIP_PASSWORD_FILE="/secure/path/zip-password.txt"
```
注意:`VAULT_PASS_ZIP_PASSWORD_FILE` 必須指向「只包含 zip 密碼的一行純文字檔」。不要把它指到 `secrets/vault-pass.txt.zip`zip 壓縮檔本身)、`~/.config/vault-pass.txt`Ansible Vault password file、私鑰、或任何二進位檔。若 installer 報告檔案含 NUL bytes通常就是路徑指錯了請改成正確的 zip 密碼文字檔,或改用 `VAULT_PASS_ZIP_PASSWORD` / `url` / `manual` 方法。
若需要使用另一個 env 檔:
```bash
INSTALL_ENV_FILE=install.local.env ./scripts/install-vault-pass.sh
```
不要把含真實密碼/token 的 env 檔 commit。
執行安裝前可先檢查 env 是否足夠非互動安裝:
```bash
./scripts/install-vault-pass.sh --check-env
```
若輸出顯示 env 不足,先補齊 env只有人類在本機 terminal 操作時才允許進入互動提示。AI agent / CI 不應直接進互動流程。
## 3. 安裝 vault password file
標準位置:
```text
~/.config/vault-pass.txt
```
執行 installer 前再次確認 env然後安裝
```bash
cd ~/projects/agent-secret-vault
./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
installer 會先判斷 `~/.config/vault-pass.txt` 是否已存在:
- 若已存在:保留現有檔案、修正權限為 `600`,並嘗試驗證能否解開 `secrets/vault.yml`
- 若不存在:提示使用者選擇 4 種建立方式。
### 缺檔時的 4 種方式
1. **建立新密碼並初始化 placeholder vault**
- 適合全新 repo / 全新環境。
- installer 會產生新的 `~/.config/vault-pass.txt`
-`secrets/vault.yml` 不存在,會建立加密 placeholder。
- 若既有 `secrets/vault.yml` 無法用新密碼解開installer 不會覆蓋它,避免破壞既有 secrets。
2. **使用者自行輸入 vault-pass.txt 內容**
- installer 會用 hidden input 讀取一行密碼內容。
- 寫入 `~/.config/vault-pass.txt`,權限設為 `600`
3. **使用者輸入 vault-pass.txt URL自動下載**
- installer 會提示輸入 `http://``https://` URL。
-`curl``wget` 下載到 `~/.config/vault-pass.txt`
- 只適合可信的一次性下載 URL。
4. **解壓 repo 內既有密碼保護 zip**
- 預設讀取:`secrets/vault-pass.txt.zip`
- zip 內必須包含檔名:`vault-pass.txt`
- installer 會要求使用者在自己的 terminal 手動輸入 zip 密碼。
### 若壓縮檔不存在
建立 placeholder不要自行編造密碼
```bash
mkdir -p ~/projects/agent-secret-vault/secrets
cat > ~/projects/agent-secret-vault/secrets/vault-pass.txt.zip.PLACEHOLDER <<'PLACEHOLDER'
Missing file: secrets/vault-pass.txt.zip
Purpose: password-protected archive containing vault-pass.txt
Action: ask human maintainer to provide this archive or use installer method 1/2/3.
PLACEHOLDER
```
然後回報人類:缺 `secrets/vault-pass.txt.zip`,或請人類選擇 installer 方法 1/2/3。
### 若要用非預設路徑
```bash
export VAULT_PASS_FILE=/path/to/vault-pass.txt
./scripts/install-vault-pass.sh
```
### Agent 全自動安裝(避免卡在互動密碼)
若安裝由 AI agent / CI 執行,不要走互動 prompt。優先把設定寫進 `install.env``install.local.env`,也可用以下任一非互動方式:
```bash
# 方式 A從安全 URL 下載 vault-pass.txt
INSTALL_VAULT_PASS_METHOD=url \
VAULT_PASS_URL="https://example.com/one-time/vault-pass.txt" \
./scripts/install-vault-pass.sh
# 方式 B從密碼保護 zip 解壓zip 密碼放在本機安全檔案
# /secure/path/zip-password.txt 必須是純文字,內容只有 zip 密碼本身;
# 不可指到 secrets/vault-pass.txt.zip 或 ~/.config/vault-pass.txt。
INSTALL_VAULT_PASS_METHOD=archive \
VAULT_PASS_ZIP_PASSWORD_FILE=/secure/path/zip-password.txt \
./scripts/install-vault-pass.sh
# 方式 C從密碼保護 zip 解壓zip 密碼用環境變數帶入(避免寫入 chat/log
INSTALL_VAULT_PASS_METHOD=archive \
VAULT_PASS_ZIP_PASSWORD="..." \
./scripts/install-vault-pass.sh
# 方式 D直接提供 vault-pass.txt 內容(只適合安全 runtime不可印 log
INSTALL_VAULT_PASS_METHOD=manual \
VAULT_PASS_CONTENT="..." \
./scripts/install-vault-pass.sh
```
推薦順序URL 一次性下載 > `VAULT_PASS_ZIP_PASSWORD_FILE` > `VAULT_PASS_ZIP_PASSWORD` > `VAULT_PASS_CONTENT`
## 4. 驗證安裝
```bash
cd ~/projects/agent-secret-vault
ansible-vault view secrets/vault.yml --vault-password-file ~/.config/vault-pass.txt >/dev/null
```
成功exit code 0。失敗時只回報錯誤摘要不要輸出密碼或 vault 內容。
## 5. 讀取單一 secret
```bash
cd ~/projects/agent-secret-vault
./scripts/get-secret.sh <dot.path>
```
範例:
```bash
./scripts/get-secret.sh gitea.api_token
./scripts/get-secret.sh openclaw_alice.http_nodes.gitea.password
```
把輸出直接交給需要 secret 的動作使用;不要貼到 chat / log。
## 6. Worker 需要 env 時
```bash
cd ~/projects/agent-secret-vault
umask 077
./scripts/render-env.sh gitea > /tmp/gitea.env
set -a
. /tmp/gitea.env
set +a
rm -f /tmp/gitea.env
```
使用完如果擔心環境被 dump執行 `unset` 清掉相關變數。
## 7. 更新 secret 的 agent 流程
只有在人類明確要求更新 secrets 時才做:
```bash
cd ~/projects/agent-secret-vault
git pull --ff-only
./scripts/vault.sh edit
ansible-vault view secrets/vault.yml --vault-password-file ~/.config/vault-pass.txt >/dev/null
git add secrets/vault.yml
git commit -m "Update secret <key-name>"
git push
```
回報只包含 key 名稱、commit hash、驗證方式不要包含 secret value。

4
docs/agent-integration.md
View File

@@ -5,7 +5,7 @@
## 基本資訊
- vault 位置:`~/projects/agent-secret-vault/secrets/vault.yml`
- vault password 位置:`~/.config/continuous-ai-workflow-spec/vault-pass.txt`
- vault password 位置:`~/.config/vault-pass.txt`
- 加密格式ansible-vaultAES256
## Agent 讀取 secrets 的方法
@@ -64,7 +64,7 @@ cd ~/projects/agent-secret-vault
確認:
```bash
chmod 600 ~/.config/continuous-ai-workflow-spec/vault-pass.txt
chmod 600 ~/.config/vault-pass.txt
```
### 3. ansible-vault not found

227
docs/human-guide.md Normal file
View File

@@ -0,0 +1,227 @@
# 人類使用指南agent-secret-vault
這份文件給人類維護者看:如何安裝、操作,以及如何用自然語言指示 agent 管理 secrets。
## 這是什麼
`agent-secret-vault` 是本地 AI agent 共用的機密資料 repo。
- 加密資料:`secrets/vault.yml`
- 加密格式Ansible Vault
- 解密鑰匙:`~/.config/vault-pass.txt`
- Repo`ssh://git@gitea.cowbay.org:2203/hermes/agent-secret-vault.git`
`secrets/vault.yml` 可以進 git`~/.config/vault-pass.txt` 不可以進 git。
## 安裝
```bash
sudo apt update
sudo apt install -y git ansible unzip
mkdir -p ~/projects
cd ~/projects
git clone ssh://git@gitea.cowbay.org:2203/hermes/agent-secret-vault.git
cd agent-secret-vault
```
接著先設定 installer env再安裝 vault password file
```bash
cp -n install.env.example install.env
editor install.env
./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
重點:先填 `install.env`。若 `--check-env` 顯示資訊不足,先補齊 `INSTALL_VAULT_PASS_METHOD` 與對應欄位,不要直接進互動流程。
installer 會先檢查:
```text
~/.config/vault-pass.txt
```
如果已存在,會保留並驗證。若不存在,會讓你選 4 種方式:
1. 建立新 vault password並在需要時建立加密 placeholder vault。
2. 手動輸入 vault-pass.txt 的內容。
3. 輸入 vault-pass.txt 的 URL讓 installer 自動下載。
4. 解壓 repo 內既有的密碼保護檔 `secrets/vault-pass.txt.zip`
若選第 4 種,請在你自己的 terminal 輸入 zip 密碼Telegram / chat 不能輸入到 agent 的工具互動提示。
驗證:
```bash
./scripts/vault.sh view
```
## 建立安裝用密碼保護壓縮檔
維護者若要讓其他 agent / 機器安裝,先在已可解密的機器上執行:
```bash
cd ~/projects/agent-secret-vault
./scripts/create-vault-pass-archive.sh
git add secrets/vault-pass.txt.zip
git commit -m "Add vault password archive"
git push
```
腳本會要求互動輸入 zip 密碼。這個 zip 密碼不要寫進 repo、chat 或 log交給安裝者時用另外的安全渠道。
## 安裝時設定 vault-pass
安裝流程要求先填 repo 內的 env 檔:
```bash
cd ~/projects/agent-secret-vault
cp -n install.env.example install.env
editor install.env
./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
`install.env` 可設定:
- `INSTALL_VAULT_PASS_METHOD=url` + `VAULT_PASS_URL=...`
- `INSTALL_VAULT_PASS_METHOD=archive` + `VAULT_PASS_ZIP_PASSWORD_FILE=...`
- `INSTALL_VAULT_PASS_METHOD=manual` + `VAULT_PASS_CONTENT=...`
- `INSTALL_VAULT_PASS_METHOD=create`
若 env 內含真實 secrets不要 commit。可改用 `install.local.env`,再執行:
```bash
INSTALL_ENV_FILE=install.local.env ./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
## 給 agent 的全自動安裝方式
如果目標是「AI agent 直接安裝,不要卡在互動輸入密碼」,請不要讓 agent 選互動 zip 解壓。改用環境變數指定方法:
```bash
# 一次性 URL 下載
INSTALL_VAULT_PASS_METHOD=url \
VAULT_PASS_URL="https://example.com/one-time/vault-pass.txt" \
./scripts/install-vault-pass.sh
# 或zip 密碼放在本機安全檔案
INSTALL_VAULT_PASS_METHOD=archive \
VAULT_PASS_ZIP_PASSWORD_FILE=/secure/path/zip-password.txt \
./scripts/install-vault-pass.sh --check-env
./scripts/install-vault-pass.sh
```
不要把 zip 密碼或 vault-pass 內容貼在聊天裡;應由目標機器的 secret manager、一次性 URL 或本機安全檔提供。
## 常用人工操作
### 查看 vault
```bash
cd ~/projects/agent-secret-vault
./scripts/vault.sh view
```
### 編輯 vault
```bash
cd ~/projects/agent-secret-vault
git pull --ff-only
./scripts/vault.sh edit
git add secrets/vault.yml
git commit -m "Update secrets"
git push
```
### 讀單一 secret
```bash
./scripts/get-secret.sh gitea.api_token
./scripts/get-secret.sh openclaw_alice.http_nodes.gitea.password
```
## 用自然語言請 agent 操作 secrets
你可以直接對 agent 下這類命令:
### 查詢但不要顯示 secret
```text
幫我確認 agent-secret-vault 裡有沒有 gitea.api_token不要把 token 印出來。
```
Agent 應該只回報「有 / 沒有」與使用的 key path不應顯示 token。
### 使用 secret 去登入或呼叫 API
```text
用 agent-secret-vault 裡的 openclaw_alice.http_nodes.gitea 帳密登入 Gitea登入成功後回報狀態不要把帳密貼出來。
```
Agent 可以讀取 secret 並用於 browser/API但不能把 secret value 回傳聊天。
### 新增 secret
```text
幫我把新的 API token 加到 agent-secret-vaultkey 放在 openclaw_alice.http_nodes.example_service.api_token先 git pull更新後驗證可讀再 commit/push。不要在回報中顯示 token。
```
如果 token 需要由你提供,請用安全渠道或互動輸入;不要把高敏感 token 直接貼到公開群組。
### 修改 secret
```text
把 agent-secret-vault 裡 openclaw_alice.http_nodes.gitea.password 更新成我等一下提供的新密碼;完成後只回報 commit hash 和驗證方式。
```
### 列出 key 結構
```text
列出 agent-secret-vault 目前有哪些 top-level sections 和 key 名稱,不要顯示任何 password/token/secret/private_key 的值。
```
## Agent 應遵守的回報格式
完成更新後agent 回報應包含:
- 更新的 key path
- repo path
- commit hash
- 驗證方式,例如 `./scripts/get-secret.sh <key>` 成功
不應包含:
- secret value
- vault password
- 解密後完整 YAML
## 故障排除
### `Decryption failed`
通常是 `~/.config/vault-pass.txt` 不存在、權限不對、或內容不是正確密碼。
檢查:
```bash
ls -l ~/.config/vault-pass.txt
```
權限應為 `600`
### `secrets/vault-pass.txt.zip` 不存在
代表 repo 裡沒有安裝用的密碼保護壓縮檔。請由維護者建立並提交到私有 repo或用其他安全方式提供 vault password file。
### Gitea clone/push 失敗
檢查:
```bash
ssh -T -p 2203 git@gitea.cowbay.org
```
通常需要把該機器的 SSH public key 加到 Gitea。

2
docs/secret-vault.md
View File

@@ -4,7 +4,7 @@
## 設計
- 加密檔:`secrets/vault.yml`
- 本機 vault password file`~/.config/continuous-ai-workflow-spec/vault-pass.txt`
- 本機 vault password file`~/.config/vault-pass.txt`
- 管理腳本:`scripts/vault.sh`
## 原則

10
install.env Normal file
View File

@@ -0,0 +1,10 @@
# Local installer config for agent-secret-vault.
# Fill this file before running ./scripts/install-vault-pass.sh.
# WARNING: this file may contain secrets. Do not commit real values.
VAULT_PASS_FILE="$HOME/.config/vault-pass.txt"
INSTALL_VAULT_PASS_METHOD=""
VAULT_PASS_CONTENT=""
VAULT_PASS_URL=""
VAULT_PASS_ZIP_PASSWORD_FILE=""
VAULT_PASS_ZIP_PASSWORD=""

35
install.env.example Normal file
View File

@@ -0,0 +1,35 @@
# agent-secret-vault installer env template
#
# Usage:
# cp install.env.example install.env
# editor install.env
# ./scripts/install-vault-pass.sh
#
# Keep real install.env private. It may contain secrets.
# Where to install/read the Ansible Vault password file.
VAULT_PASS_FILE="$HOME/.config/vault-pass.txt"
# Choose one method: create | manual | url | archive
# Leave empty for interactive menu.
INSTALL_VAULT_PASS_METHOD=""
# Method: manual
# Direct vault-pass.txt content. Avoid this unless running in a secure local shell.
VAULT_PASS_CONTENT=""
# Method: url
# One-time HTTPS URL containing vault-pass.txt.
VAULT_PASS_URL=""
# Method: archive
# Password-protected zip path defaults to secrets/vault-pass.txt.zip.
# Put the ZIP ARCHIVE PASSWORD in a local plaintext file when possible.
# This must be a small text file containing only the zip password.
# Do NOT point this to secrets/vault-pass.txt.zip, ~/.config/vault-pass.txt,
# a private key, or any binary/archive file.
VAULT_PASS_ZIP_PASSWORD_FILE=""
# Method: archive fallback
# Inline zip password. Avoid in shared shells/logging environments.
VAULT_PASS_ZIP_PASSWORD=""

50
scripts/create-vault-pass-archive.sh Executable file
View File

@@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SRC="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
OUT="${1:-$REPO_DIR/secrets/vault-pass.txt.zip}"
usage() {
cat <<USAGE
Usage: scripts/create-vault-pass-archive.sh [output.zip]
Creates a password-protected archive containing vault-pass.txt.
Default source:
${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}
Default output:
$REPO_DIR/secrets/vault-pass.txt.zip
The zip password is entered interactively. Do not print it in logs/chat.
USAGE
}
if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
usage
exit 0
fi
if [ ! -f "$SRC" ]; then
echo "Missing source vault password file: $SRC" >&2
exit 2
fi
if ! command -v zip >/dev/null 2>&1; then
echo "Missing dependency: zip" >&2
echo "Install it with: sudo apt install -y zip" >&2
exit 3
fi
mkdir -p "$(dirname "$OUT")"
tmpdir="$(mktemp -d)"
cleanup() { rm -rf "$tmpdir"; }
trap cleanup EXIT
install -m 600 "$SRC" "$tmpdir/vault-pass.txt"
(
cd "$tmpdir"
# zip prompts for archive password interactively.
zip -e -q "$OUT" vault-pass.txt
)
chmod 600 "$OUT"
echo "Created password-protected archive: $OUT"

2
scripts/get-secret.sh
View File

@@ -3,7 +3,7 @@ set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/continuous-ai-workflow-spec/vault-pass.txt}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
usage() {
cat <<EOF

406
scripts/install-vault-pass.sh Executable file
View File

@@ -0,0 +1,406 @@
#!/usr/bin/env bash
set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
DEST="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
ARCHIVE="${1:-$REPO_DIR/secrets/vault-pass.txt.zip}"
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
ENV_FILE="${INSTALL_ENV_FILE:-$REPO_DIR/install.env}"
load_env_file() {
if [ -f "$ENV_FILE" ]; then
set -a
# shellcheck disable=SC1090
. "$ENV_FILE"
set +a
fi
}
load_env_file
# Re-apply env-configurable paths after loading install.env.
DEST="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
ARCHIVE="${VAULT_PASS_ARCHIVE:-${1:-$REPO_DIR/secrets/vault-pass.txt.zip}}"
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
# Optional non-interactive controls:
# INSTALL_VAULT_PASS_METHOD=create|manual|url|archive
# VAULT_PASS_CONTENT=<content> (for method=manual)
# VAULT_PASS_URL=<https-url> (for method=url)
# VAULT_PASS_ZIP_PASSWORD=<password> (for method=archive; avoid chat/log)
# VAULT_PASS_ZIP_PASSWORD_FILE=<path> (for method=archive; safer than env)
usage() {
cat <<USAGE
Usage: scripts/install-vault-pass.sh [archive.zip]
Loads installer env from:
${INSTALL_ENV_FILE:-$REPO_DIR/install.env}
Override with:
INSTALL_ENV_FILE=/path/to/install.env ./scripts/install-vault-pass.sh
Installs the Ansible Vault password file to:
${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}
Interactive behavior:
1. If the password file already exists, keep it and verify permissions.
2. If missing, prompt the user to choose one of four setup methods:
[1] Create a new vault password and initialize/re-encrypt vault.yml
[2] Paste/type vault-pass.txt content manually
[3] Download vault-pass.txt from a user-provided URL
[4] Extract vault-pass.txt from a password-protected zip archive
Non-interactive agent mode (via install.env or environment variables):
INSTALL_VAULT_PASS_METHOD=create ./scripts/install-vault-pass.sh
VAULT_PASS_CONTENT='...' INSTALL_VAULT_PASS_METHOD=manual ./scripts/install-vault-pass.sh
VAULT_PASS_URL='https://...' INSTALL_VAULT_PASS_METHOD=url ./scripts/install-vault-pass.sh
VAULT_PASS_ZIP_PASSWORD_FILE=/secure/pass INSTALL_VAULT_PASS_METHOD=archive ./scripts/install-vault-pass.sh
VAULT_PASS_ZIP_PASSWORD='...' INSTALL_VAULT_PASS_METHOD=archive ./scripts/install-vault-pass.sh
Check env sufficiency without installing:
./scripts/install-vault-pass.sh --check-env
Default archive path for method [4]:
$REPO_DIR/secrets/vault-pass.txt.zip
USAGE
}
ensure_dest_dir() {
umask 077
mkdir -p "$(dirname "$DEST")"
chmod 700 "$(dirname "$DEST")" || true
}
secure_dest() { chmod 600 "$DEST"; }
verify_existing() {
if [ -f "$DEST" ]; then
secure_dest
echo "Vault password file already exists: $DEST"
return 0
fi
return 1
}
require_cmd() {
if ! command -v "$1" >/dev/null 2>&1; then
echo "Missing dependency: $1" >&2
echo "Please install it first." >&2
exit 3
fi
}
create_new_password() {
require_cmd ansible-vault
require_cmd python3
ensure_dest_dir
umask 077
python3 - <<'PY' > "$DEST"
import secrets
print(secrets.token_urlsafe(48))
PY
secure_dest
echo "Created new vault password file: $DEST"
if [ -f "$VAULT_FILE" ]; then
if ansible-vault view "$VAULT_FILE" --vault-password-file "$DEST" >/dev/null 2>&1; then
echo "Existing vault is already readable with the new password. No re-encryption needed."
else
cat <<WARN
WARNING: $VAULT_FILE exists but is not readable with the new password.
To avoid destroying existing encrypted secrets, this script will NOT overwrite it automatically.
If this is a brand-new install, create a plaintext YAML file and run:
./scripts/vault.sh encrypt /path/to/plaintext.yml
If this is an existing vault, choose method [2], [3], or [4] with the correct password instead.
WARN
fi
else
mkdir -p "$(dirname "$VAULT_FILE")"
tmp="$(mktemp)"
chmod 600 "$tmp"
cat > "$tmp" <<'YAML'
# Initial placeholder vault. Replace with real secrets using ./scripts/vault.sh edit.
gitea: {}
openclaw_alice:
http_nodes: {}
ssh_nodes: {}
YAML
cp "$tmp" "$VAULT_FILE"
ansible-vault encrypt "$VAULT_FILE" --vault-password-file "$DEST"
rm -f "$tmp"
echo "Created encrypted placeholder vault: $VAULT_FILE"
fi
}
manual_create() {
ensure_dest_dir
if [ -n "${VAULT_PASS_CONTENT:-}" ]; then
umask 077
printf '%s\n' "$VAULT_PASS_CONTENT" > "$DEST"
else
cat <<MSG
Paste/type the vault password content now, then press Enter.
Input is hidden. The content will be written to:
$DEST
MSG
read -r -s pass
printf '\n'
if [ -z "$pass" ]; then
echo "Empty password is not allowed." >&2
exit 4
fi
umask 077
printf '%s\n' "$pass" > "$DEST"
fi
secure_dest
echo "Installed manually provided vault password file: $DEST"
}
download_from_url() {
ensure_dest_dir
url="${VAULT_PASS_URL:-}"
if [ -z "$url" ]; then
printf 'Enter vault-pass.txt URL: '
read -r url
fi
if [ -z "$url" ]; then
echo "URL is required." >&2
exit 4
fi
case "$url" in
http://*|https://*) ;;
*) echo "Only http:// or https:// URLs are supported." >&2; exit 4 ;;
esac
if command -v curl >/dev/null 2>&1; then
umask 077
curl -fsSL "$url" -o "$DEST"
elif command -v wget >/dev/null 2>&1; then
umask 077
wget -qO "$DEST" "$url"
else
echo "Missing dependency: curl or wget" >&2
exit 3
fi
if [ ! -s "$DEST" ]; then
echo "Downloaded file is empty or missing." >&2
exit 4
fi
secure_dest
echo "Downloaded vault password file to: $DEST"
}
read_zip_password_file() {
# Bash strings cannot contain NUL bytes. Detect likely binary/invalid password
# files before command substitution so agents do not hit:
# warning: command substitution: ignored null byte in input
original_size="$(wc -c < "$VAULT_PASS_ZIP_PASSWORD_FILE" | tr -d '[:space:]')"
without_nul_size="$(LC_ALL=C tr -d '\000' < "$VAULT_PASS_ZIP_PASSWORD_FILE" | wc -c | tr -d '[:space:]')"
if [ "$original_size" != "$without_nul_size" ]; then
file_desc="$(file -b "$VAULT_PASS_ZIP_PASSWORD_FILE" 2>/dev/null || echo "unknown file type")"
cat >&2 <<ERR
VAULT_PASS_ZIP_PASSWORD_FILE appears to contain NUL bytes; provide a text password file instead.
Configured password-file path:
$VAULT_PASS_ZIP_PASSWORD_FILE
Detected file type:
$file_desc
This variable must point to a small plaintext file containing ONLY the zip archive password.
It must NOT point to:
- secrets/vault-pass.txt.zip (the archive itself)
- ~/.config/vault-pass.txt (the Ansible Vault password file)
- any binary/key/archive file
Fix one of these ways:
1. Create a plaintext zip-password file and set VAULT_PASS_ZIP_PASSWORD_FILE to that path.
2. Or set VAULT_PASS_ZIP_PASSWORD directly in a private local shell/env.
3. Or use INSTALL_VAULT_PASS_METHOD=url/manual/create instead of archive.
ERR
exit 4
fi
# Accept the first line and strip a trailing CR for files copied from Windows.
IFS= read -r zip_pass < "$VAULT_PASS_ZIP_PASSWORD_FILE" || true
zip_pass="${zip_pass%$'\r'}"
if [ -z "$zip_pass" ]; then
echo "VAULT_PASS_ZIP_PASSWORD_FILE is empty: $VAULT_PASS_ZIP_PASSWORD_FILE" >&2
exit 4
fi
}
extract_from_archive() {
require_cmd unzip
ensure_dest_dir
if [ ! -f "$ARCHIVE" ]; then
cat >&2 <<ERR
Missing archive: $ARCHIVE
Create/provide a password-protected archive that contains one file named:
vault-pass.txt
ERR
exit 2
fi
tmpdir="$(mktemp -d)"
cleanup() { rm -rf "$tmpdir"; }
trap cleanup EXIT
if [ -n "${VAULT_PASS_ZIP_PASSWORD_FILE:-}" ]; then
if [ ! -f "$VAULT_PASS_ZIP_PASSWORD_FILE" ]; then
echo "Missing VAULT_PASS_ZIP_PASSWORD_FILE: $VAULT_PASS_ZIP_PASSWORD_FILE" >&2
exit 4
fi
read_zip_password_file
unzip -P "$zip_pass" -q "$ARCHIVE" -d "$tmpdir"
elif [ -n "${VAULT_PASS_ZIP_PASSWORD:-}" ]; then
unzip -P "$VAULT_PASS_ZIP_PASSWORD" -q "$ARCHIVE" -d "$tmpdir"
else
# unzip will prompt for the archive password interactively.
unzip -q "$ARCHIVE" -d "$tmpdir"
fi
src="$tmpdir/vault-pass.txt"
if [ ! -f "$src" ]; then
echo "Archive extracted, but vault-pass.txt was not found inside." >&2
exit 4
fi
install -m 600 "$src" "$DEST"
echo "Installed vault password file from archive: $DEST"
}
verify_vault_readable_if_possible() {
if [ -f "$VAULT_FILE" ] && command -v ansible-vault >/dev/null 2>&1; then
if ansible-vault view "$VAULT_FILE" --vault-password-file "$DEST" >/dev/null 2>&1; then
echo "Verified: vault.yml is readable with $DEST"
else
echo "Warning: vault.yml is not readable with $DEST" >&2
return 5
fi
fi
}
preflight_env_config() {
if [ ! -f "$ENV_FILE" ]; then
echo "Installer env file not found: $ENV_FILE"
echo "Copy template first: cp install.env.example install.env"
return 0
fi
echo "Loaded installer env: $ENV_FILE"
if [ -f "$DEST" ]; then
echo "Preflight: vault password file already exists: $DEST"
return 0
fi
method="${INSTALL_VAULT_PASS_METHOD:-}"
if [ -z "$method" ]; then
echo "Preflight: install.env does not set INSTALL_VAULT_PASS_METHOD; interactive menu will be used."
return 0
fi
case "$method" in
create|1)
echo "Preflight: install.env is sufficient for method=create."
;;
manual|2)
if [ -n "${VAULT_PASS_CONTENT:-}" ]; then
echo "Preflight: install.env is sufficient for method=manual (VAULT_PASS_CONTENT set)."
else
echo "Preflight: method=manual but VAULT_PASS_CONTENT is empty; hidden input will be required."
fi
;;
url|3)
if [ -n "${VAULT_PASS_URL:-}" ]; then
echo "Preflight: install.env is sufficient for method=url."
else
echo "Preflight: method=url but VAULT_PASS_URL is empty; URL input will be required."
fi
;;
archive|4)
if [ -n "${VAULT_PASS_ZIP_PASSWORD_FILE:-}" ] && [ -f "$VAULT_PASS_ZIP_PASSWORD_FILE" ]; then
echo "Preflight: install.env is sufficient for method=archive (password file exists)."
elif [ -n "${VAULT_PASS_ZIP_PASSWORD_FILE:-}" ]; then
echo "Preflight: method=archive but VAULT_PASS_ZIP_PASSWORD_FILE does not exist: $VAULT_PASS_ZIP_PASSWORD_FILE"
elif [ -n "${VAULT_PASS_ZIP_PASSWORD:-}" ]; then
echo "Preflight: install.env is sufficient for method=archive (inline zip password set)."
else
echo "Preflight: method=archive but no zip password is configured; unzip will prompt interactively."
fi
if [ ! -f "$ARCHIVE" ]; then
echo "Preflight: archive file is missing: $ARCHIVE"
fi
;;
*)
echo "Preflight: invalid INSTALL_VAULT_PASS_METHOD: $method"
;;
esac
}
env_has_noninteractive_config() {
method="${INSTALL_VAULT_PASS_METHOD:-}"
case "$method" in
create|1) return 0 ;;
manual|2) [ -n "${VAULT_PASS_CONTENT:-}" ] ;;
url|3) [ -n "${VAULT_PASS_URL:-}" ] ;;
archive|4)
{ [ -n "${VAULT_PASS_ZIP_PASSWORD:-}" ] || { [ -n "${VAULT_PASS_ZIP_PASSWORD_FILE:-}" ] && [ -f "$VAULT_PASS_ZIP_PASSWORD_FILE" ]; }; } && [ -f "$ARCHIVE" ]
;;
*) return 1 ;;
esac
}
run_method() {
case "$1" in
create|1) create_new_password ;;
manual|2) manual_create ;;
url|3) download_from_url ;;
archive|4) extract_from_archive ;;
*) echo "Invalid setup method: $1" >&2; exit 4 ;;
esac
}
if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
usage
exit 0
fi
if [ "${1:-}" = "--check-env" ]; then
preflight_env_config
exit 0
fi
if verify_existing; then
verify_vault_readable_if_possible || true
exit 0
fi
preflight_env_config
if [ -n "${INSTALL_VAULT_PASS_METHOD:-}" ]; then
if env_has_noninteractive_config; then
echo "Using non-interactive configuration from env."
else
echo "Env is not sufficient for a fully non-interactive install; installer may prompt."
fi
run_method "$INSTALL_VAULT_PASS_METHOD"
verify_vault_readable_if_possible || true
exit 0
fi
cat <<MENU
Vault password file does not exist:
$DEST
Choose setup method:
1) Create a new vault password and initialize/re-encrypt vault.yml if needed
2) Paste/type vault-pass.txt content manually
3) Download vault-pass.txt from a URL
4) Extract vault-pass.txt from password-protected zip archive
MENU
printf 'Enter choice [1-4]: '
read -r choice
run_method "$choice"
verify_vault_readable_if_possible || true

2
scripts/render-env.sh
View File

@@ -3,7 +3,7 @@ set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/continuous-ai-workflow-spec/vault-pass.txt}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
SECTION="${1:-}"
[ -n "$SECTION" ] || { echo "用法: $0 <section>"; exit 1; }

2
scripts/vault.sh
View File

@@ -3,7 +3,7 @@ set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/continuous-ai-workflow-spec/vault-pass.txt}"
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
usage() {
cat <<EOF

BIN
secrets/vault-pass.txt.zip Normal file
View File

Binary file not shown.

640
secrets/vault.yml
View File

@@ -1,199 +1,443 @@
$ANSIBLE_VAULT;1.1;AES256
39653934363136346238396131373436306661643233356236643938336666653663643866666530
6232333534626335663533376237383033623839366138350a313562646138633130353636333462
64343532333534333863366331666237636162643338653137303235386337373235633164383233
6366613034633638620a303337653462326266663033356364613632353730666530303934616462
35316136666430643764643232613266633838346662323761343134333733663330383065306630
39353861643638363835313266383330336133653436376232643066633636653061363766373864
38383162333236633330623634363032323736623366616364326666376631333136313036303931
37383162393962326335626433393164316565333031303761303431363363303230363730323639
32366635346562346335383137346634343633653130663330373966623234643732636131303463
62366530653436393562326231323238323433633931663733306338663335323564373732343437
31303533393934333135333030646237333835633866326164393831346664306339373765396630
30333162663834363939656566383863323632656639646464643038383430643831633039616663
62336438343031363830393032343638393236343138653363613938366564613438666132376363
30376135616261666261663232373739306534363363653438343865336363646633356265353934
38326532623036326161663731623964303035333065303633663336653034356537336162613938
37393934393961623363616563313964643238646565363533396639373736613331303236333832
38666662366161326439383461346138643662663037613130373034316135613633383262363335
30643330653130646338613961336437626335333662306631656564373063306331613765343864
61633264376534363166343665343461613763353261393138373861396665633830303631383038
39316366376564353136393337633364343337666635613261653261666431376132666166313064
62333630313064633330663534353362393931343039386563353865313165383934393661646566
38353833356163363438643138623763303639613633396132643265366266656566333331393134
34323139333466316230313664636662353030616165343063393933326335643561303638356664
37383463346363366335646266353166636236323662323031353565366431616234356233613866
33336230373032643461643639643465343734613664303663636435626539386435663033306563
36333439663239646630326332376563326263383366366263386138653063393432313032383731
39643533353632623836353231663466316161643939313432343636383034313237316465326263
65356139383637313762366230303062653065316263346332373538623131353238663032626437
65313064303461626262353962306362356537316561623463656536373766613661356230636239
38353837616435636537363264396238346635373032633064356163653735663130396631646163
36663966383537333631646536653562646366366439646438393061653038643932376535303638
64646433636133393761396535616163656361393266396633313433373233323731333363386438
64323965643132656264323366626430303936653564313639366466323935616239333638363363
63366235396534303330343062393138316239313064396535663832306535373732343233363533
66383163386539313037333763633335633162613539396636643162383166336535386238636439
62353030653133363034646139363335306262623134343662346433396264346635356264343935
30633834653965646135636338656362616232623032663339643139646233383935386539313134
39653166653634393036656261643831663534343862656638376638353564383661303430623632
63396432366438326131613639333466343830653131653733396663636237336265373138376165
31633262373462316539353838363261303631633235323035393335366630363632616365353265
37363937616134373764313837613338323064623164333464326339363431393863383334623431
31333962663032313433633737616364383662336336383134356335666236393736653762363534
62613334393337623136393739653933356461316430666163316136326535353130363264346437
62633437373564343635643437616630333139356463633435373665376335633664663330366639
66353063386665323436623039653161363463666163613462313731636432393437306230303664
63303565633561366333643061383933643962326462323665646666313133323462303462373361
39623638653566373361346661383133623336373837326431376263346231663666646234353234
38366662323761656534653238623335346139366137656561343231653764316564643234316235
62616333656530303137316632326366333063383365613739396534343863636561353963396534
33666238383332653163303632366561666562333037626238326665316632653831336330636132
61393066373030313030393236633838363562613838303164353432633931366332313434366562
38343133366466333362373438336238653963633130643839623165663866396630626339323966
63666135653037343634663066643866363933663936343438646532613435663763396235313437
65643438613636356462666266393565303837643061646265363863343461306132393264396539
65356665666237636439623761633735613661623362326462626639313765313061346465363236
37393639376338353163326164346435613865633838366338623362613065363664363763323037
61333334666630353138626439636262363330623033393764316539313331633332336662633261
61633733373430656364633535313834653134376661663935306232646430366162616665316136
38373732313237366137343837323562623632663338626464616435623232333432393161353435
33653734643436653339353165336238656434383633396634663837333533373766383236666264
64626335313231336437646337633465386338323737653461633439323830653331643630353430
31663436613934373165613964383232633065616434313636643434316463633061316261623632
65356530613730323539373464393431613332393531376539366436613334653232363933326630
32633636386433663535336334333835363337666335333834363765393164626332636461616264
64343135353361306436643261626635396564366431363863313964346335623862666562363031
61313332313033303865656263653330346638306531306666373936643335393164376236393938
62666330636532396639653736613336333762353231616533376366383230353130623633316662
63313962343734626262616663633366363432343135326362616435376533346334626131316261
35663666383566313061323663383330353337343931613063393238316532623734316639626330
63343431353563383636363936636438303663333538303439316436383730663865373162663265
61373963626237666432656364366439323336316334663831363966393337336638663665616235
30343637373131353961323566366263663463323230626230313163376564636364623833623033
33643730623662633538393335303461666435366439613864633637386537383935613835656564
38363863626232656661373565343133393430653038346130373433663835333536333633366662
35613430306264613530316332636230313132373636343038303837623039393437353133306233
39363565613765623031623466343964346335376366353161313961366664316533383361386438
34626134633735343864363137323161333236373463376261386631356135376537333162363536
63366537646265356539316166623266353832313965383430643565626330383361363539313933
34363734343961643034373239336533346166623766343532316263356662303663353165383165
30353032333366646431356237623464306230303038326337623666343964313536373465366637
32346138356536613136376565646466633233643336636339316634663932633961616337343230
65363465356662656336633133353337636464386637636661363637663363396135613862346166
39363161313433633765613434663138396165353134376264363933313236306264336364353164
39306236353130633332356361383533303632313336616330643036613039383531646461666662
63663530356634336538373230656661653565303030366337303237313461623632633731363736
31363235373432663733393033393738656539376237313334326430326663633566623562316530
63646139383165353163356566343234663764383464633339326336393932316630303439613562
38366632616337663435643237613064633963623237316332616166336261633061613135323261
34383466666366656230313831343865646435353030306231313135333537333330343634656233
32306636663361373363616431326238333538346362396432303434386165623439396635623162
32343535306539633838333564366438356562393662303332643439306635346236636637666333
32663030616537666539376339366232653133613037663363616163623933633838396533343262
62633233633730353039333836363866353461383636643138383066366236376664653637396562
34306565623030376532343064313833643637343132396631363061336337383537383034633866
65326531663037663532333663336463383864663466633064636663303931343761613834366334
31336262666664373362383139383831623135346465303862653035303131323638666663663565
36393035333762353539653538323061653763346465333532303837316330643238663266333961
65313536396634623938623139303835323461323831633661663332313730303736383937663435
35313636646464656139353436336439366166373837633438376130363534376336623638386338
37333530343235613865323366643435306439393964343934313735323432316435643838646334
37656661623162353564363532633062613462303662386366386365633833396437636566656432
32643763316433356664343234666130376537373333386130616434666333313964393063623637
32326234306163663264343335666665643139613262666432326237653633323961393561383939
62636564383066333766616566363639643931386133363335653930383238353865373366663937
36373135333939326336643166646538303964323535373465366438343563396463316261393561
63636130613238353461653636623662333765333661626336613163383734643138376537313363
32383834376239333535386663303832356534663761326466383839366331366134636665616437
38666462316563653836376337636130663130663034333938303462316562373232326466333035
61313130396163653366353836613863323863333065333466343830626434626139613433663462
36306631663833383037663137306366613238343136363230613933313234353539323938303933
36663437306132316164336137383037396333316662666235313636663336663163373465653439
37633732366162366535313562633865373534373932626534656164646532356464626264323337
61646364356662386166343764333136356631623563316233363465653034353339333939343736
39306138656463633134663930363966323732313239303939326634333562633937353064393332
39623866613835333931303566326634636237333130383637616262643136366566306438636235
37396438643633623831363831323730326166303338303530386134306564333737653065636431
38366361393266303137396666396231333763393465633530633063383538666537373131636532
36396636323063316465383432356164383761346535373263333838386163323230353962376665
36343334616663313634643837646663636564346239356463633333303562353435653432363061
65366333323030386361613662376634343032363238623764316462366234643762326231313362
31343961353139386664383662306335373839313962306366613063396262323564306435633435
30353130636637313139663037306338336130626137323139383861356130333038393462346264
38363130333139336164383237613564373435613230333639663037633837346362373033336439
32643535326231653962663361373238636664306130653530663632636665396463343166363534
64316139393664653834323962623538323362316664383465336135646633326131356236396663
63333731343432343566303264653961623239633566316166383834626538313764626166373865
32313965306332306230306561613236313166363239333738386430613731393061393732613534
65333835316263646465326532663134623065383539313237343966306532356532326535356365
61363536626532336266666133336166366232653630653862636530393038333332623237303036
61616461323965306534646438633430363733666264393862666637333639613466653633316437
39316561303936303638386465663963333061383936353962613166646337363831663131363865
30343239343833343432323038303733613862393535653035363337666231383031663364613431
38393138333965383932383338333933636635633465663863356130356236353637303430353935
61636162363963623834336662663930306164636366306662393663653138636635396130303430
32653436373439613361633631633835616563333934336430303961326635336631646363393038
38313064303061623337363262643632653361323064373861653830613165633165303262653662
38616437343833356639343466373532323337613838653633636262383032376534616535303330
32623137313434306465626561373937666234336164326236313265653762333932623734333061
30643233366561343263306365383736326236396335306161353239336534353262313562366363
36633661333037653762333166353231303138326361383634633131663163393330636135393735
64373464346336363134376261623765386163363261326536336632383136636539383532316635
36346561396636393536323831656166373362356532636131613261366335323932613739393463
65643834373561333330643631383830636562386663633935323665353335343939383134623166
30363632336633383134666134666461613461356564303538363536356139623336613539313964
31646136346230366538366437336130356632666538303663646531363438613838393634613835
61316365613666303036643436373562353733356461663262396362323933616336396666623033
65613166363031386333613130316265626366393363623066383261343631343066346533326531
33623838353066366532663937666330313831643933613738313065643564336136333163363164
36613335666632313736336531333933393866643366343365316264623065323339643465613231
39326337623533666263373431663534383566353137333464393036656564666362653131383265
34386435646565616130366136326639363365363865313634383866383934393330316136636637
65613339353364626434636337613832636232333562343735616461326436656662353561366234
61343334336264633034643432303933636535343065613365396463633537626335653734353461
31393463633730383039646338383866323661626633366566383834646432653833353762656630
35333263623830623865396539306532373166636630393730353463363739313935376232323038
66613438376630666630643465336638353737356563373635303161303736656364346430616437
37303464313931633036306430393865356634396639373162396431373065323763303138643830
38313330663737363832316432323961653366613465653130333062313061623932316434643064
64623362656136323161363965613933313938353232653761626436643961333631353762353664
34326531646663633938303933373132326663346639303135333065343130626462636363636235
37613638353235643937323931376234396162636637356131353835363764303638666532643363
65636130626637383561613736396338306565386661363739653265636233353234323561663436
65633131323437353439633732353331343836623263356337366134366364373237363765636563
31346265653831386262333834613335643662306166626663306662376231353335616538666431
31386536383137633533316432316461646535323363623762373439363962346462353436353963
65313134303662643831363934376134363035396665646531633035313261356461393539313134
64633132393361333664636136636665623437623430643837383265626236613830313065373336
66643333636632643265376630623463643466613237626261363837633233396433643361623134
30333232666432636239356236613161313063633337393930333866643738346237613363303765
61633461333466306635626233313861656635333938663362363530333035323937616432633833
66373439376534653935316633373737306233343062306339383335343062326636653438633566
38326333626164303932613464343330346331633964363163303036353637376664316366653539
65383830376235353732646665316133393631326362363136336434346639636230653030303964
35323561616436396632396535663339303033643464643939626563373664306233613662343264
38636439373261356436333536623864376266656664376137653433633866373462313262663561
36653132376137666534633430323661336264663738373339343438653564666332633431336363
63306337653866356536666438396465323939623333646232666336363534636462336262323264
62343332383231626631363934373161383037356664653138323363333366383239646338616561
34336532396165636636643237393838313734626530646537633063306134616539643864633531
34313831663430663463633061636632336665306431646366663331323062633565313262323061
63333339656366356435383936333033313366666662633364353965643366363732353730626132
33383566316331363538323862636231313431356431633639376363653939666234623464343733
61333262393531663538633332633265393133653131336465656239356130643138623562393332
31613237636164343233376630336264643731336132626334373231353532663430383439643830
34643463373265623932636366323431333835633131653064303735303562383435663761653164
31386237626239636636366666326465613433346439616134306462383261303430613231623763
38313132383261333134623365326264333133373533333437326364633132306435663966613063
37623563363761356261386137383635383431626464366331326132363332383130316334623433
38363636363432336136306630636336616435613030323436313837653637653638666230343462
64373035316466356161363738356139643765346466323830623639663834336261633139656333
35643539373264336131323535396436303265313631626134313266396332383762376261393438
61623961616339616462396632333233346538393731373962633037616363383961353539646338
65616239303239396336613237656163363833333766363565643366623438656561656331306633
33376365313038366637363533633163316631643539306666353466646638633364353066373134
64666139613861346339666530326134306166643064333031386632303937303432386665356538
65663736353930353030656263653436383765313766313239656362376266636638626261646238
35656533316634346463613939306235623365353634316662316430663137306334353732373433
3564343038313764366631386661383334386635363632626261
31393435313735653561343266623635633433616336346539333863633234633865353965656635
6332626161336531376533363963663762393363613939630a336563343436323632656337616330
64316537383036363131306331333830643836666362636535313665616362633136383734333536
6633313233343331640a633162663430383762653530383962323432663765383666336563656364
32393730643434303936383466343232646164663561636366616133613733633233336130623861
35633361326638383066346235393161343766306262383634346239393635333462313337623662
38653466613239623866653363313133663462343733626231353631626264363236623035303834
61313762326232346265636564633864306162396665646664356130373461373561313439626533
36633265616565626536613030393637356533656665666636653764376530653135373662323761
36643662626231373963373636646632656434316537366164653163303036366330353933343533
30633263626437396632326237376231343661666161373933393738656366313731323136393564
31613837646237356231623765643737396231643933646133356430623132666235323135653135
31383161333965363162313832323239613933666130666562313064383836393464333336336231
36366266366137613361323863306365623030316530316132353139353732613462393161636632
63653065333066363766613031396534303836313563303362303563356666306638303966386162
62653362326437623439356565626164323662303865376263633564396136313637343164333135
64303266356562303734343033373739313933376637316133623734363034333961353136363761
32316131333233316230633865373733616536366231353534613961653730333162366464633961
66383635303761656362633136393930626439396434313334353762396238646439333666663138
31336362306232633736303061636437633137343462323462393766643538356661646563303735
35623630323166333530346631643561346661376236363933643531653063373263653037323938
38643530323331383136353430613261653566313830616163353466313439333962336134613436
38306262346238663138353861316338626464393238303335363161383333616430623564356563
32396466326363623936323333643462643964363965633161346135643730396136333535626337
36376130316338323732373232313861303831343433646134666337383363353437313536323939
32366131383464623565396631313331636533383935373161336266376337623533346237366533
33326664333332386466633530323765636232313635306466353261663965653239306430366137
64646436376163333032626134623132616630613832393465373933313238326539633361323432
37666436303933356565323134616463383166623766653761353138386638386335383264373334
37663262623564643865623630313665616561306138343163323032623138656166373462656462
62356563633135356465333038333165306564656334316662663239303232653438393361396631
32326361663630623737366230353232626338366137356163663938643266333838376462316335
61306633653034343061376538666635386435643134663262633130306435643931336562386161
31323231643432326164373539333365313535343164666431663239356637383766363963646430
35333765396333306131393731613864616237663132373833613835663537353765383337643166
35393961336464646231663532323432373264313533326563303531313037333861323634353638
65356363326138346233353334613736373635386266653035626137356134396638656638326437
36396430643065376634623562663066353564616336386136623739356635393061323433636137
38663763666434646635333232376633326165653232373761323934393737373466666665363632
30346232373035653535633061613133643934343933356531393739633034363364663738656234
62303639333035396336393734386130373937333734663262393761643162373630346137626136
65666234636263663632376536373662313465393836353339396539636531326136616361346262
35306162343831663962333534623266383234623539376534303337383331623630303830643932
34383736643432363932643762616665376436333930616564383731653565383365366134333131
63663238303539336365633632633337353739333631616239326237663738623934373132366563
36666566633061356335633539333163326164323436633539623331343036346364393737326565
39353333326337306433663163643530643831313065626465363566396537363239313932353365
37396561346138643339663231643464323136653162643233373031383062626364396238303234
35326534376463666237313331663366313535303565323237633066333762343261663166663534
36346464386433343566633737373530326436363632316461636131346431373538343637346236
38383837376137393139373765386235626262663966643931353262316330396138396434363764
32303138393435303665316230396636303136323136373737393239363539643763363638383935
65333037393662313533316338386135656264373663383734643861323531653965343032633030
37306532623332373530653063346165346439643534383735333839633439303439373862346563
31376534653134636530313661626162316531633164656137373366646437306264343661393339
64363039666565373361656235616166653864303933663733356433653565393736356137313935
66376133336539626337656131653931333534646439373065636338626235306363376266336633
31316639663038343864636333303739316532636531346330353936303133333434613962636262
63366436343835333439376162333462663765363463356665363938353165383263656466353061
64373736373538313735333332616135336438663930313339303538306639626662396432366433
64623633626531333332623363323163633962313434626337623565303266663533363663623266
62326232376433316532343065393035356539613665643436343735313761383266363332666236
63303538346261663039393263343535336638613436366265643538363736623463626632326536
30333861666565626532633339363762643461326362663035313565333866346631346433333063
39356631393430653933343365323766333039656135376266303439346334653930323230323461
36653965346533366361613636346332366139613635326564346263393636613239643230656465
37393636616434356665376638356231383334303861356535323338653834656264363466306138
35663139643135363333623231646236633461663135343465393433663664663666393662663633
61613665623164326332363938613261323134306533376539613336386265626537656432616634
65653836653636393134303165306238643738643634386430303537393861663734396162393562
39356334366461393462633063623633656135363736633730373939623763643133316466376266
65663961633063373033353136333832626235663236313236343865646161313337636438633034
64303431663664313934303465333939303432323462383465653366653061306637653566343137
66623935663966663066643738633565313363323961646163383265396461623039323561343430
62396538353631623838396164323530333263636365636538346462646238633861323766373166
62663035346535643331646239396662363633393036396631393335323436333136623731356138
33386365386562383333663837643839656231326362663730613663303437663139303161303837
66623166643561333431376631643764613231643664393561666531613465613266366464313564
61383661363266386535663365343661313534623231333964323536366666626335376665626530
65393837666134316537313036316630313066613563306231643735383233313264643564313231
31386132613663323033656666643739363831343931633636653963363330376464616232326334
64383334353734326536633466656237623964373132333730653561346462643730333431323266
66383530626466663932343135313938326434396332356336386334366665393861633966383236
64363561393363333538323765396365313135633132363433343361306334353135626161383330
32303866643135666664386264653239383932353436326436353766353831306666643539376265
35623663336164383836666531353235653562326431303238643465396666353233333162383263
32643962623535333636386362623965386535666661626434303338393163323936396462333634
61656138356539373464613063396664633761346133313139343437373137333333633263366335
36386562373366623865633534623365653538633731383462613964313861356638643635623032
61313861363437376563636636633366333861343239336263653863623363666137373337303665
65383961643533633261383038623766303331363137636233326230663861663564376133316133
34623730333834313030613166343632333463303636633663346236383032346464633931346338
64396237633933313164303535333535666137613831386637313732653734393165323030356638
65663533616563376436356264376530343065623466343433626265303737346531363736663665
66303039373464363035383633646437313135333531366439653839636464316433313838633332
33363964373237396164666538363536306165386538613732383338613435633662336335326532
63393136646638396133363766623936633661336338303263643264303735393563363362386532
36323266393537663261353931333235323263643736343337336137326530373430656435663734
38636163313231373764383866303531646130666363386334636533653332663134323436613835
36653836613866663937373966383138306636383261396265653132343934376235373966666466
37383162333233643530363233356337616164333833656333666534306434613233396237303637
66376465373663663035353433643461373533323939663633363132663632613362616432616266
61393238363238616261636132376434616266623335633865643136613861363831323761316337
62376238393236313365663263663465386665343063316333643239613335633861376362396632
39313137323339333839613330333931653837333933346163646637373164383033353735396138
66356134363630633738353830343964376665313865343636663232626565643739653336636164
61646464363237663862363234313931653763326663353134643561323562353231626530363663
38643363333764623866653664306661323635303238383765373633633065383039666165343630
30343932303433303963643639616366306138316638653065326563643864313934653063613635
63363464356134383836656662326639376261316435326536373935613530373932616530336231
64333763326366646533666133363264343036656139643238643333636563623635303262313337
37343437363364646663373539303163353438616637356232633333656561373761316535333630
63646432306564313837366334313865343963316638373531376661373631633432613563313134
36323130383334643166313866346436646439396230383538316131633135366630313539653333
35386266613039343665623734363934646638396631323062346331383461363765636336396361
30396166376566333065623737626331346133303233373433346165383537636663363263356163
34626538366133633831316538363335646433313038653239303766313334616634383636643463
35613966613562383237656432336433343766653866626363613661386238613331356466623734
30376436653666386566666636663732633332376363633431386161656337363463643161336264
33643164303830333233373035653837323733336530663263613561653534353865643134646537
33306262323433323362643039323133316165326663616334643433656636306161663362643762
64626361643638393063353138636630656436663663306165656439333734393266656266366161
30356531623865396563653532613932653132353865393932373864303533653233373535326338
65636237303261393336333839613734626330643138643362326338656664333163343731393664
34343532363163336337313131343830626338343461636336396261313731356532383861613938
39623930386164653832313331633238633862653533663037303739633734643438613662616134
37326566396562366266313737393865313133613934303330353764643037393536636535653938
39383065356434646638376266356434386534336637623332323861386362353264333565666632
34653038643631373437306566386130343966633439373566316463393165303064303532363836
63333030653164383863613164323764653638303961383533306235343366383363376438393833
38613530646331383131393235393136633062653431653831613961353131643437663763613631
65306335326162653638343664313238383164373638623139633032656165353632653365386665
35386338616137656532383065366136623066383638376536653661623034313030663961666237
39613733333934396561323639663531663936623362663138303835373635336434313966386333
63626234613861363564623365663430666238386362393330633964383136613537636534336339
35333430393336313930316262346161393066633335653664613436613237633134373562333564
38633736373966656161613037303365343030396566326561376432633637653935653039663832
38623333653761633532633334636636333733656634363361356433613834356665616261363739
62373563383366316633633261366339346430326362333535393066663964656465643235303333
31623864323933393332353062653063313930386363373230323266646533383436623939316432
63626261336561393838376138623934333065363335313831666430616266396530336463613864
33653262623537303863653231343332303539353030333034356134623836396338363335376466
63323939316463383130653034353761313533623436666165383961313339356633666137346264
61373635646231613430386661376230333263633061396231336233306439623137626661356136
64646664333939333461393638356638613835316364343337316361323739306630366637643965
36633333353836306232396334363263303432336463346232306533323263326366653437623530
34636539333538306539656561623666343931313065636162653165643538353565633632303666
37623939643030326364373062646139633438616535643632646332393037356533393365346364
38393633623266623136626264386636643261643664396431353931333731323537643332613831
36386334623431613839666461393866626162666439393932316663623435363030386564656538
64313337656232313239393530386331353733643237343531326535623466343565663134653637
36356263353838326463303764383961623364383632663732613830336165306165383762626635
30346464666534336139313031333436366436623966333465366231306561616131393530363137
32613863383364323532366663316535343963353934666166376165386438386464646232303862
31393563316133663733626665666635383436356362383565386564623330616636393962376562
66363031343537313339626561303630653433663036633161316165346161343665373564663333
31373739656430313238373636383262653332333531353331616264316135333534663930636334
66316538303231636533313536376334613838333062363038303834326662666138643831316438
65653731366665363138333638303436326466666563336631343565336462373737346364353638
65656261396236646265346136616133353861356437316230316364373732623164666330376533
30303431383666396362666534653166313438616265393664303033616265353732623735626533
37336135313836666433333131366135613835623138663234326536373732623532656466386333
30613461633835643033336431363235373636346434306632343365646631343939626364363666
32323530326166353239366433306431306639326231396534313866303264373261643065613861
38666561336461316138653166303361626565323639313663376565616433343862646164646132
39303862333735626665623833656136646638363561346239633331616530356362633335616139
32393138313931666232363561663039353738366635656133633134303963623331363864323235
35316435666634663463633365316262653138656461373431353365363030613533643563643439
64333234343066666138393436643534653235656163343434333738656561653132633631323432
63326434663364393033323263353336303166343664353537376164376666366531643436656630
61386330383364643238386166383665393830343937396161343732313831333138653765323530
32626166346335643638323736353839636534373234333333393533316165666632373237303637
66333539623735373831396566366162636236613031363735396234633437333433613664623834
63656433373531663061383665333233646664363039303631313735306336343238376136663863
61303837623032633661633138303662306466316330366463306265383736636264613633303063
63306436663930393534316364323265646432363130336133366164653862396166623332373166
62633334646133663661613430303735396531623766663132653662393139363436303463303731
36316163393738373362383962643435313365396561636231653566656239346331623861333536
63313764333161343366666331326634383037316561326433353366666332396338303234393161
63656632396535386339353734303939636634376666623730636238356436363737326434316133
34353631613935363666616334623535346663653039383235396162316563303239303565313430
64386432343930633961383862333463306131313063643938666332383865636661323638346265
33343339343434393534613739303763386466663233343163663734326131613930653734626366
35653862323965306630363733363036646139626130613438663939353235613836363433303966
31373835623265653863656465636135366236356636613864313864303539323761633236336533
38393166623066373330626533636538313561386666653637396662333234666263373338613235
38346161313163323263653132306531333235653138626434363637663661623432313634656232
32643730333837396665623830643266373861393137633533643161346262383365633466306163
36323238363230346436666333383833386564636431353039656131316666316631643739646131
63313132366166633565366164353133613033636162346363613333623436666662313332366664
33666635643039326337626361383933326633323931313836386233333632393833643761343662
36616365316236663234346535366135356664303432633531643334663630343534363366373665
38626331346235363937313235323039376465333433653564333131326236646330396364346336
61393763346332326439636533653534303564306564643034343161646230303863663635376264
39666134366439313665303662393736393531326237343536646533653364393731613161346434
63313630653761626665313639663932643139316138666337346566336366396531393539333166
38646335646635366366626335633435316163613439316337363231346433366265346664333630
65366236336336343031346138646639623834393666376335666561363862323737363831653863
65616364323136666662313237643930623230333566336638663138396232353230366262653433
36343933333930336639333730653435336538353430383561623661666430656666313431656238
30363537343561336139646231393666303832393366323562386133643632373633666137623638
64383430666361323764393638386337613835666263336537616132393361346364303065393739
63613338623237623761373033653861383830356365643466356164356236323365363936393531
37326563623231386264303031346262393763343262666136323566323930643963653831353331
31653134323730346261326132313132633731636238643536346266393432626234306635666233
65306438663234343739633837663562656666326335343934396235356233336537353466363234
64396263326562353539643032613635613863646638613531323630373966333331333038306536
64333566613362323136626432333039363266356331306262373361363738353461336334646662
64363363626432323838353737366161353462626536373931623834343763306635613731326164
33333639353762383138346632313863613162333464663230616361343436393139386264353733
62633364646662323832343764613762623634633639653236623866383435343730336239353264
38613039376337386531316666643562333534373664386466376333353031643931356337363462
30306535306264366565393064393034636664313936663330363932333863323766383134623239
63613531363533373637343563633533313866363664633339323631656431636662643534326563
32336662313965343461366635373865643738646634353433626666326366333738663134326263
33303238353531373463343835616635376330376138363662643835313462393866353230303338
39393562396463613564643236656235653036633338373137333335343332323435373739646363
62393435653837373265646137313135636333663561303938646565373333353638313132666238
33653530663663663264326537373536666662363235343337393666303963313435356566653065
32333633633130386539636638333766623964383165663866373331303166353335653965313165
30326534636235646131393565666664636630666139663836653361326463396139616435363034
35386637366630346235336231333937336134353630336437663361306437323532646639353361
35383238336462666165646235363532316431613837343230316638376239336433303564303830
66643262623861613361376264333662376335636433363734343833643464636530316632333166
64323030373266333562303638636665353130363532623033393065333530663933363238346336
65663966333938373861353963643936363739313263656432353161623037313339333136313832
34656334353036356538303062333765636466626164366435333530663835376665653662343037
33363663626236313432643037393166363031346534396162396137303065643335636563393037
35656238303438666563373638373237626362306530613535303865363937346266613631343737
30363234613739383637646132356332373762363862353865663365343636383232653131383637
65333631383663343162623931633133306538393836313961633731363630366266663833616332
61616131323031356538613735623663643138366664383566636165656631383866363663396238
37633833623065313035313565373434633262646237396339373731313365336438656438363466
62343231346664653135336430326538363932353938333662613862636265373836613236666366
61636337343231363162656239306361313864636638343139656438353934356131373564663166
31343861303238333935313761383766613531663131386639316532663364643962353230366264
33313463306434306565626135316535326237656333363631356661363832633930313130313764
37333330633339643531373532363166333063623836646661326265616664323666333734656239
63313966363031363165383231333765343439306438323531336537323865656333313934323036
32326665333636623565353639393861393530663466303335333565663362386563643465643365
66346437393362333863646364633835353639383964303635366633366635333535343038373836
62373039323534613634626633666561393963336336396534616462643033666635373133353033
61343838616163313531333438386636353936366462643238393539623539383034653064356338
35363930613464356238666630306639363233663361323531336332356464383230646564663936
31373530653064356263396230633865346132333730636539323737353333393363303434666137
32326161333737653662663638613166363966396566623437306133373864363739343336306230
34333263313839656538643634353735356530306235356134656330653064336634616663646334
39303538376238343833613230326265656662346639366632363031333036383865393633373934
34626230623065626637383066373361623536663635373863316338343831333235323934353030
38346633376331353964646164323566393664643161393962376265643563356434643066363261
34616634633835383261303833666331323630366537373832326333363632333661373637626130
36323038366137363761346137313663343334333236666539323034626563353966623165383630
62633337636238373238356464386361333434396233623133653062313161353138653865316261
34373562623561383066313931616565653362346434353732326237303562323332396161333565
36383663383234373462663565316338333035326362616231346430653965336530366664616636
64323532623335346236373862343539303663323435623438663931626432316565366463346161
37623361366161393664373561313532613039636138626330333064643366303063663631306362
38386637353336653063346264653962623965623330333239653634396466303564613738333336
30663066333862623865663539333039656634663232623765323234633130666564363430653138
34623661633162343564383761383038383834376132303663323537383661613032636536323038
33616135636166316232313963393663383361633232316231666231396265363536316361343462
33623463313538393334336563613339643137613430373732303136393731663964316639356534
64303034333933316530306236386662656234396639313164333734303065333536313564643133
32346634316633376432646331353764373037383333636336646630646133313665663564616337
32616661666265313838313735393663626530633138333732356431623965323936363466353461
30663835313839613465333464616332636466636237336231346465373263363362356439326438
66633037373537383063356230373235663561623631386431393864626666376631393230626433
39353766356164653832356132346537626639363933653833346463663930643364613362353736
31376665383938383963383031653463383061623363636430316265623362326532633061356531
32363366316633333135333032366135626166333135643130636434346265663361333763636562
36663334323962646330353639333265366666316232303636386662326134653532363563376235
34353130616666633666313833373037636362333231643030666465623433613032376435366436
39393665643734393163646366356565316432396431366436383631303261336534333966663461
39626235333564363337656262313239633431356331326664356464323734316564373238643538
38353039616237333532306133313032353664336463383363333030656135633035333237616139
30376337663134653837336231383365363732663230326661393430383365313637363666323735
61663461613039623230656636643462333334323334363630393434663133373038633337303866
65376364663034326462363939343763636561376461313134336537633763313431663537363734
31366361666264383232393730323530333531356331323030313231666430653765316166303031
64626162303465343662653263386432646562323261643163653337666265303262633131363534
33663639613437613432363761323063623136626366633037383435363832353761373963396361
65666439383137313331316637343534636534376135373066363737316262303064656363353633
65626464366130663839376435363562623636366333643137356361376331336464643330383164
30663137653863363137323834323631333932383632623333643139626539666636306262633531
66323066643465373334316136666464613034376434363264313536333538356332336566616235
35346432626264333162356633363438393339303365653162363136653464656434643939613766
31633063643037666265346363376333636330643464663433666663643435353437316634303835
37353131313537383466653439623861343762333137366464386133643232386365313630613932
64353366666531653238366232666631303161386265373564343832363637393338323165393330
64386262313231656566396539633861666666383165376264636361366139613332373438373833
65663464643165323238383464656436333738626266376466303739353464616133383339613464
36616663653331623035303136616535633237343936326238326337643135663230376232303639
61346566343335303339613333643234383937323335306531636362393236353262396334303430
31666264396363616430653735333963313638636135363538633136383036636464633366323831
30373865353336343762653764396365326462613935663332323233353637666661333038663962
31613036393632356436343536393033353166326535366334333938646165653466353961366638
32373638366435346530653632623139343062623364666533323932303337663739666539666630
64376166336463616132353331323733383365303835313561363130613231616362313963633433
32633564303835623434356432393566373338373039633965643731373334643965326237303936
33623364636338313164623763376331376431316637653330633534353463373762613539663031
33633839363566343336393632356236376336396633386337666136653461313439616663613763
35373263363463616136633762326663626166336565363661396263643236333961343237383863
64313262396533313966393232623439316463663137316634393163653762356362323330613564
32376539363137393462323732316437353036646336363437656135666632316333303635383632
65613162363566643036333539666362316530396134656361616537346638333833353262663238
63333663393839386434623934613264366533323265333165393533343834613561323265653137
33386566613837363461313130666232333766393764326533326530356163613663386462376338
66626465636133343239623666623238346530373464313164616230653135393339303339633132
31373134666664643932373266313534323039653966356432343564623364653132393864636465
65363461656165393330613136323434333561386462656139636338383738333361396434313436
34343536303664666637326165303230323163306136323066346335366563393364366265323337
32353165666565393238313236376333373733643931643163613563303933376239343133623434
61383937623637383665363330633038393131373933356235353065303762316665376266353332
37323431373462663536663263373138363737303464303532666333656439316634636262366364
34366266613465613439613762396661663463656437623562656238336562376539323662346339
61633734373535333964363139333363393765313333326563643239333238306231363565613736
64333330633639643734323131346538623965396437376531356237643331316534306237613861
36616534376566656532366365333738656264666630613066316538333830396335303731303661
38313938323435336239636634313735313363353035623535626531643732626437363730653566
33393833383836376666323637363263383037333730613039353264663236303461356632623532
64373432323033373739316135323064633739376330613731393831383761363262316466313666
36333939396231613939393962633537336430613437306335393563366233613036396634333934
30363235303566303830303132383261373463316437623431663965376331636161386433616332
63393836326430303864626366656166646166653234653065613739623662386236393938313537
65646266353138363634616632366163353239336361366162323132646261646335383830366164
36353832393538666137666330313733383137663631663034613863373463643461633139616130
63303761396530373264373136366362643166313137616265306165313163363864653035393862
63363731643132663166643432383933373861313364656665336538343264323761613865383636
30333339613133663234646330393438353130633033363661663131353132663936626636333138
35643063303837326233323632323966613832346564333361306130646562326534653766663662
38306566613662393432636166653361313761663766616563393036393135633366323865373637
62633633393233613833323563363165656236653034353162376661306137613830306163656431
62363738646236343465616139613238326235666139366337636663353063346533613437633762
65343532386235323333363364346466666161356366363037643866633962656432373461393730
63633934623632393838646139373165616165663538636131373963393364633962336430366635
61663134336639333165323765373131623537656531656239363461643066303734346334356433
30663762623263623864333862396366363531633661373933343533616133346338656138646233
31666633353038373035353066396563626534306134666430336365336666623162343166333132
32363639353166363861393336316539316663306462383966303135313165666539316662356632
39613439653933316466656638656264633830646232333839646465396465353436653934616535
63353933626438643465303839653662353835613662623337613436653533613339336631306239
32383835306134386266323037333066653833616363353139616565393031373162663839373766
35323935303762643836386532646564643063663834613064353634316130333063376636316531
39646261623936313535323437333861623161346633316533636234336264653532396663663931
33626438646136333062343462616436343964343462623236613737623837643233346632316564
38633634646635353030313263363765386638623037306230333038313031353161306666306137
39616262616239396163356262323038616230383262616462313936643530626132353337663231
65336563396565323435386561383434626234613030643831333630346136396631636361323833
61353034663766386566313432386234323536326236376436353963343062303961623962393165
30323762393064326566643936613064396536636336656565373630356334613939396431613636
62383338373865313730656533656331396266393130616164356638336661346231383536663232
33623833323965643139626239396530323735643732613761386262383738616463373665363138
31656631663463626233366537353061663832626335393038656131383137323130343337346638
39643332306463613236333564613234333438393033623135363764623130656239383235316539
31643863623664613864373363356138323662363064393962333838613335623831343134653438
65633361613439376131636535363961653831376563313838626131393464353465643934326563
61616262373230356462326434323631393837336231316262366235323538343338306239656633
39373864646132643132363733643364353734633565623733353438356632653665313932653735
61616139636631306634636430613933393961336235393130376263366233386239306332356163
65633865396236633362393037313637396134383637303034393663623862656139616634366430
64613863376266663665663638353130396431333136393930653530623432636434376462616236
64646539643135363337656235643463383834383433666162653830613936663036313832643765
30646239636332613036333330326462313533633737346261393162616336653064636437313964
39656139643865393863303337373430636461373139303839353737613633343635383538643238
31313432626632666361386137353765373837656239383565636562643131343634393162373665
38396232363662356561313436303337323437316137323233306638396137623831396561353230
36363636383462373330613264326339643638366331633864333537333636323264303630646431
37343030323165306163666138633830656131323234316265656266326564333262653664393139
33386561653231373336653339656662336466363366376366316263366466316562363633326530
38333065656431393534363531613966333234363135366465626330353234313536353637616461
34386336303362626162653836643334306430633836336335326461303538646664383334643731
36613831643530346137303530313363316634623466383563303964633633376466356664626538
63613336343831643465623432306463326430373530353963663662363136613762666334373239
36656465346464666533613131616237323732393966343563353166343262633962383439623763
33356633363831636163313035646461336137633431373766646334623134356332313937353537
33313233363436393939613032303032393961613533356536663064623265333832336130616664
32353766313437356238333737353037366161393734306434393966373536626536636531616665
65393461313135653031353830386138393930366463316665393030326463663763396161666538
65663465633864323763303239626135393534396561636336316262383962306135306135363938
63363935663465316132373932303961643730306535393232356239353539373864343064653165
63303138646235323232363137313062636231386636396332393139643833393435366462653436
33363465663065633464613639383766376334623765646230306635616235313339353736393739
30323764386130303162326133613138366437333632363238653663643937623839636266393135
62313139393034376233653232623861333663316663396239333163633336393732663831623566
65653031363563626231303037363437343164333336623838666639623431303465346534653331
62313533333130333466643837643763613130626234626134323065323165303334626539306366
35636631373763396235303031346339383134666564363632316533323430393463313438306234
63356566323362363163333633646661656233636335653563373865303864393737623065336234
65366565636166656366333264353637653136313739653630316130633037303536313663613034
61303539653831353038326339653535656539336566656531613730303135613863616561353638
30303134663035393765346338373339646465666561303966323631313832643736343638616533
63343331396336323233653333353531666134633636373164353432306166373735666335626461
66326535653137613037616335356137623261313733636637393464386539303365646464343062
39313965393465376164353963613664613666336633323534333165306165626632366431633133
31393736343532313961313336653562363739353831333166663934613062393439333762393936
66306565393963363238353266613166383333313530313762643536363032316163343733323431
38666235356639666236363966383531643731623161333462313961353238653836643066303365
65653433343364316431343266346561386237303234303333326530323934373936333463333035
66663935633935633631396538316564313331623336353831336537393066613966613363353635
30306638643335323362666230353330643832393631633637643730623138633533653232643266
34616238316237663863613737396131616539663137353331616666613532623139643136303430
34306231386161316531313137343735393363303635366265613132366466643230376565313264
32333530336638323436383938353537643731376438353365306265656130396334383038356361
35316462393666396237323461303266666665346131303866333136663565646636653963666230
62313539303062666630353162616361613036396362333366613634626666613236396464646263
66373736393364376430363536363434316164663463356365623731633838663535666437623732
31663831303762303162663435623463613139636538643537643538303033616537333034343539
39386333616135306664613066653438343666626535313432356233663435356464303162623663
32326665653662346237346139386331356466386637376136396634363631613866616161356538
36386530393436373737333330383234376162626437393061303238326439646264356361323037
36383438383533366232613236623333333062333836373730663736653665623231616234353863
32333365666563613630653163373430653934656130663962353234616665366134663334343538
37633833333732616232386630626332306535633562653961346637303665356539346662386433
35643531383937393639643439623934353066313536636630653564643664316265306564663633
32333537653566373739366634373032636563323132306239643631356666666533633066633434
36373463363639613139666430613063666235666166633163633361353735633763363636383537
66363736336133633232383135306637343930633431306162613136353263643230323836616136
62323230333663643963373432396439313663656439633766333065363432396235323335376332
31633738383037393564303433613363373861313133383232333336666665663533333563316461
39333035383539613666313361326539383435303264643033363533366464303636633938383538
61646564386630306564633861643035396631373061303139643234393363303637376565653661
35623261346536623766323230373435653531643432363034633134356433646535663366326634
66663837306165316665626133343836383639623431393634323363633839373435356634663132
38653465303032356233643766336330383536363164616565366665373538616462313633336431
30613663643639333766613365396264616136633036633366336437613737663335633837663538
33366266336433643764373238643231386536613633663830663261313663366639653830393864
37633534383635336633623762336665323962653233396365313335346636656361386337366430
30313533363831663738383661643633613730343030656230393066303438313162633234663261
31656231353235623363376330666330653963323537323636316231323138656563383334646433
38653339666565366562326137343964346462323830356633643032316339313465633335306331
35343138303765326361346232303933393730646330373131333831336331656335303736343762
34623433346561343137643739633438386134623038633331396663343636346231343632306230
37363338373166663262386331363763623535633930303039373934633338336562303930356562
35616332333631643962623936393463636630643536343331633563383930666364343030623635
62373531663036323364376131653633323637643736356130623032313936386135393165613932
65373430373135353264306136363130393261636664636261656364663439663738616436343935
38613332303265623132313539626635393034666239393764373937626162643232646433643937
33373938646564306265396161613136653634666636663964666434363061373166633730656132
64393932356438336563366632346334313239653532623861636466633933333538373630303632
30323763643663363038366533356336306238653666303531373165646565666332613465376661
31363436393732616135633235653465343338336633633631353862363634626538646337633763
6538363236353664376631336136663963333832343064613738

253
secrets/vault.yml.text Normal file
View File

@@ -0,0 +1,253 @@
openclaw_alice:
http_nodes:
NPM:
account: openclaw
password: wnHgM62DeWCz
url: http://ai.cowbay.org:8181
ftp_excenone:
host: 66.45.244.235
note: FTP (SSL/TLS available) account provided by Eric
password: B3FWN8td
service: ftp
username: excenone
gitea:
url: https://gitea.cowbay.org
account: openclaw@cowbay.org
password: openclawOPENCLAW1!
token: 6175f48f82a2708f2882b8b170f08294ae8afab5
gmail_mc_ai_claw_agents:
account: mc.ai.claw.agents@gmail.com
password: qekyha5360QEKYHA5360
provider: gmail
google_ai_studio:
api_key: AIzaSyCfr19UPwFlEJ1hSnV1uOYDsAgBDgqY6bM
note: for Gemini / Google AI Studio testing
platform: google-ai-studio
librenms:
account: alice
api_key: aeb09cd2e66c385013be8b470fe4acd4
auth: mysql
email: alice@ntu.edu.rs
note: LibreNMS API + UI account provided by Eric for ERP-DB disk usage check
password: phow1aeV4ad)au6k
url: http://192.168.100.2:8000
linear:
account: alice@ntu.edu.rs
api_token: lin_api_m061e2U96xrd0rYLHsJDwKmIRQVyKKFEJ3vVZQYy
url: https://linear.app
maton:
api_key: 3gJcxhUWqpmDd94QEi8SIjQw_j6DQTTpi8nLSbylpTou_wm_ZFfAfWC_KUAlvEMMFCea82548A8v_VAklhVwl3xvP4bp7YnO3xo
service: maton-outlook-gateway
ntu_webmail:
url: http://mx.ntu.edu.rs:8025/webmail
account:
- name: hermes@ntu.edu.rs
password: uNi0lo7Vohz_aigh
- name: alice@ntu.edu.rs
password: qekyha5360QEKYHA%#^)
outlook_alice:
account: alice_mc_claw@outlook.com
password: phow1aeV4ad)au6k
url: https://outlook.live.com
tavily:
api_key: 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
service: Tavily
vertex_ai:
platform: google-vertex-ai
token: AQ.Ab8RN6L8qyV-5udTlUeLu-iMjGTmxUOscKwGWMWyUlKS7W_O_w
multica:
url: http://192.168.17.123:3004
workspace_id: c0b7cb73-8f49-4ae6-904a-44d462213cde
pat: mul_01d7722234218c999e2b573f11ffd4cf1016a930
note: Multica self-host; PAT for API/CLI (revoke+rotate if exposed)
image_host_excen_one:
url: https://i.excen.one
account: alice
password: Atie=W2Uovahngae
purpose: public image hosting for WordPress-visible assets
api_token: MTc3NzI1MTI2MzYxNw==.Y2YzYWY0Mzc1Y2M3ZDIyMmQ0YTJmZjI0Ljg0M2FmNGE5Njk5YWU4YWY1OGIzNzQwNTBlMDI5NDI0YTRiZTJlNWUxMDEzZTQ0NWNkMzk5NTQ1NTRhNDhhY2NjODA3MDg2NTFmNThhOTE4MGU1ZGU3M2VmNzk0ZDM1Y2M5NmQ0MjEwM2VhMmU2ZGUyMjdlOGFmNzEwMzI4NDU4M2QuNGI5YThhNjlmYzhmMDFiOGRlNzNhNDg4NjMzNTQyZWQ=
wordpress_cowbay:
url: https://wp.cowbay.org
account: alice
password: dfDhT3EPiE4Nik*W0j3q7hIU
purpose: WordPress site login / publishing target
application_password: zyml YP9N goCe fqvb lYjp boPW
HQS016_MSSQL_SERVER:
type: mssql
host: 192.168.100.16
port: 1433
database: application
account: observer
password: uy7pee5Thi)soo6e
connection_string: Server=192.168.100.16,1433;Database=application;User Id=observer;Password=uy7pee5Thi)soo6e;Encrypt=False;TrustServerCertificate=True;
readonly: true
note: Read-only MSSQL observer account for application DB; key renamed from
HQS014_MSSQL_SERVER to HQS016_MSSQL_SERVER after host was corrected to 192.168.100.16
per Eric on 2026-04-27.
ssh_nodes:
ai:
account: alice
hostname: ai.cowbay.org
public_key: /home/chchang/.ssh/openclaw_alice_ed25519.pub
gitea:
hostname: gitea.cowbay.org
account: git
public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHGz8BuT9vfZ2Z+fvuxfxHKoQdLlTdpZSYn3zFvuIj2
openclaw-alice@A0411117
private_key_path: /home/chchang/.ssh/openclaw_alice_ed25519
public_key_path: /home/chchang/.ssh/openclaw_alice_ed25519.pub.pub
gitea_for_alice:
hostname: gitea.cowbay.org
account: git
public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHGz8BuT9vfZ2Z+fvuxfxHKoQdLlTdpZSYn3zFvuIj2
openclaw-alice@A0411117
cowbay_provider:
base_url: http://ai.cowbay.org:8317/v1
models:
- gpt-5.4
- gpt-5.3-codex
api_keys:
- sk-MFvBcto52ZiUxlz1V
- sk-HPIwhEI0dXkc0y1oM
- sk-mWOVHJhS0da5gxXbx
infra:
hqs_virtualization:
summary: HQs virtualization/storage/backup environment provided by Eric on 2026-04-27.
Contains ESXi01/02, guest OS inventory, vCenter, IBM FlashSystem 5045, Synology
RS822+, and HP ProDesk auth host.
esxi_hosts:
esxi01:
sn: J900PBC5
ip: 192.168.100.41
account: root
password: root#DSC
xcc:
ip: 192.168.100.43
account: USERID
password: Dsc@52404664
guest_os:
hqs35:
purpose:
- ERPDB
- EFDB
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
sql:
version: SQL Server 2022
account: sa
password: dsc@52404664
backup:
sql_schedule: daily 00:00 backup all DBs to D:\SQLBACKUP
sql_retention_days: 28
synology_drive_client: installed
nas_backup_schedule: daily 01:00 backup D:\SQLBACKUP and Conductor
directory to NAS ERPBACKUP folder
nas_retention_days: 30
resident_programs:
- socket system controller
- dispatch center
hqs36:
purpose:
- ERPAP
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
resident_programs:
- socket
hqs37:
purpose:
- EFAP
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
resident_programs:
- socket
- electronic dispatch center
esxi02:
sn: J9014TRN
ip: 192.168.100.42
account: root
password: root#DSC
xcc:
ip: 192.168.100.44
account: USERID
password: Dsc@52404664
guest_os:
hqs38:
purpose:
- B2B AP
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
hqs39:
purpose:
- B2B DB
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
hqs40:
purpose:
- Veeam virtual machine backup
os: Windows Server 2022
windows:
account: administrator
password: dsc@52404664
vcenter:
ip: 192.168.100.49
account: administrator@vsphere.local
password: Dsc@52404664
notes:
- vCenter created
- cluster created
storage:
ibm_flashsystem_5045:
sn: 7811DY9
left_controller_ip: 192.168.100.45
right_controller_ip: 192.168.100.46
account: superuser
password: Digiwin@123
hardware: 1.92TB PCS SSD x2 RAID1 cache; 2.4TB x8 RAID6 main storage
volumes:
- 12TB
- 500GB
nas:
synology_rs822_plus:
ip: 192.168.100.47
hardware: Synology 4TB x4
management_account:
account: nasadmin
password: Dsc@52404664
backup_account:
account: bakaccount
password: Dsc@52404664
folders:
- ERPBACKUP
auth_host:
hp_prodesk_400_g6_desktop_mini:
ip: 192.168.100.48
purpose: authentication host
os: Windows 11 Pro built-in
account: dsc
password: dsc@52404664
installed:
- Guard Manager
ports:
- external-to-internal 6666
- external-to-internal 6667
licensing:
csp: assigned to customer original account
gitea:
base_url: https://gitea.cowbay.org
ssh_url_template: ssh://git@gitea.cowbay.org:2203/{owner}/{repo}.git
account: openclaw
email: openclaw@cowbay.org
password: openclawOPENCLAW1!
api_token: 6175f48f82a2708f2882b8b170f08294ae8afab5
private_key_path: /home/chchang/.ssh/openclaw_alice_ed25519
public_key_path: /home/chchang/.ssh/openclaw_alice_ed25519.pub.pub