ops: vault + age key setup instructions for Howard and Mac

2026-04-21 19:38:04 -07:00
parent 6125ba15d9
commit 3f94aefa57

@@ -274,3 +274,88 @@ VIP_NO_AUTODISCOVER, VPN_Ports, Webhost_Internal
2. **Cloudflare alias** — consider applying to WAN rules to restrict to CF IPs only (security hardening)
3. **Broad WAN pass rule** — review and tighten if possible
4. **22 M365 tenants** — still need initial Tenant Admin consent (unchanged from earlier session)
---
## Note for Howard
**Vault + SOPS age key setup required on ACG-Tech03L before remediation-tool will work.**
### 1. Clone the vault repo
Run in Git Bash (real terminal, not Claude Code shell):
```bash
git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git D:/vault
```
Password: `Gptf*77ttb123!@#-git`
### 2. Install the SOPS age key
Create this file: `C:\Users\howard\.config\sops\age\keys.txt`
Content (copy exactly):
```
# created: 2026-03-30T13:53:19-07:00
# public key: age1qz7ct84m50u06h97artqddkj3c8se2yu4nxu59clq8rhj945jc0s5excpr
AGE-SECRET-KEY-1DE3V6V0ZLLZ45A7GA77M79CTN4LZQMTRCURP8VRGNLV6T2FSZEEQXUW2EU
```
### 3. Add vault_path to identity.json
Edit `.claude/identity.json` in your ClaudeTools folder, add:
```json
"vault_path": "D:/vault"
```
### 4. Test
```bash
bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator
```
Expected: JWT token starting with `eyJ...`
---
## Note for Mike (Mac)
**Vault + SOPS age key setup required on Mikes-MacBook-Air before remediation-tool will work.**
### 1. Clone the vault repo
Run in a real terminal (not Claude Code shell):
```bash
git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
```
Password: `Gptf*77ttb123!@#-git`
### 2. Install the SOPS age key
```bash
mkdir -p ~/.config/sops/age
cat > ~/.config/sops/age/keys.txt << 'AGEEOF'
# created: 2026-03-30T13:53:19-07:00
# public key: age1qz7ct84m50u06h97artqddkj3c8se2yu4nxu59clq8rhj945jc0s5excpr
AGE-SECRET-KEY-1DE3V6V0ZLLZ45A7GA77M79CTN4LZQMTRCURP8VRGNLV6T2FSZEEQXUW2EU
AGEEOF
chmod 600 ~/.config/sops/age/keys.txt
```
### 3. Add vault_path to identity.json
Edit `/Users/azcomputerguru/ClaudeTools/.claude/identity.json`, add:
```json
"vault_path": "/Users/azcomputerguru/vault"
```
### 4. Test
```bash
bash ~/ClaudeTools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator
```
Expected: JWT token starting with `eyJ...`
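Review bot: The `Password:` line under step 1 and the `AGE-SECRET-KEY-...` line under step 2, in both the Howard and the Mac sections, commit the Git password and the vault's age private key in plaintext, so anyone who can read this repository or its history can clone the vault and decrypt every SOPS-encrypted file in it. Remove both values from these notes and hand them over out of band. Because they are already in history, treat them as exposed: change the Git password, generate a new age key (preferably one per person, each added as a recipient), re-encrypt the vault to the new recipients, and rotate the secrets it held. Two smaller points: the clone URL is plain `http://`, so the password crosses the network unencrypted, and the Windows steps have no counterpart to the Mac section's `chmod 600 ~/.config/sops/age/keys.txt`, so the ACL on `C:\Users\howard\.config\sops\age\keys.txt` should be restricted to Howard's account.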