sync: auto-sync from GURU-5070 at 2026-06-15 17:49:06

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-15 17:49:06

wiki/systems/uos-server.md

@@ -33,7 +33,15 @@ So the UniFi-OS web/API HTTPS port is **`11443`**, not the classic `8443`. On `1
 
 ## Access (the single-shot path)
 
-**SSH:** our standard key is already authorized as **root** on the guest. Direct, or jump via Jupiter:
+**SSH:** a **dedicated fleet key** is authorized as **root** on the guest — vault
+`infrastructure/uos-server-ssh-key` (the private key is base64 in field
+`ssh-private-key-b64`; vault-helper can't store multiline). Any fleet machine can use it:
+```bash
+bash .claude/scripts/vault.sh get-field infrastructure/uos-server-ssh-key credentials.ssh-private-key-b64 \
+  | base64 -d > /tmp/uos && chmod 600 /tmp/uos && ssh -i /tmp/uos root@172.16.3.29 'id'
+```
+`.claude/scripts/uos-mongo.sh` resolves this key automatically (no setup). GURU-5070's
+personal key is also authorized (legacy). Direct, or jump via Jupiter:
 ```bash
 ssh root@172.16.3.29 'id'                 # direct (office LAN or Tailscale subnet route)
 ssh -J root@172.16.3.20 root@172.16.3.29  # via Jupiter