-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathsecrets.example.json
More file actions
23 lines (21 loc) · 1.2 KB
/
secrets.example.json
File metadata and controls
23 lines (21 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
{
"$comment": "Declarative secret manifest. Copy to secrets.json (or run `just secrets-init`) and edit.",
"$comment_bitwarden": "If set, unlock bw CLI and resolve `bw` refs against this folder. Leave empty/null to skip Bitwarden entirely.",
"bitwarden": {
"folder": "machine secrets"
},
"$comment_env": "Map of env-var-name -> resolver. Resolvers in order: bw (bitwarden item), envName (copy from laptop env), fallback (gh-cli for gh auth token). First one that succeeds wins; missing secrets emit a warning unless required=true.",
"env": {
"OPENAI_API_KEY": { "bw": "OpenAI API Key" },
"ANTHROPIC_API_KEY": { "bw": "Anthropic API Key" },
"GITHUB_TOKEN": { "bw": "GitHub PAT", "fallback": "gh-cli" },
"AWS_ACCESS_KEY_ID": { "bw": "AWS", "field": "username" },
"AWS_SECRET_ACCESS_KEY": { "bw": "AWS", "field": "password" },
"VERCEL_TOKEN": { "bw": "Vercel Token" }
},
"$comment_files": "Config files/directories to copy verbatim from laptop to box.",
"files": [
{ "src": "~/.aws/credentials", "dest": "~/.aws/credentials", "mode": "0600" },
{ "src": "~/.config/gh/hosts.yml", "dest": "~/.config/gh/hosts.yml", "mode": "0600" }
]
}