docs: vault sync instructions for Windows laptop

Step-by-step checklist to sync 5 new-tier SOPS files to shared vault.
Unblocks Howard's remediation-tool usage on ACG-Tech03L.

Ready for DESKTOP-0O8A1RL session.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-21 19:17:26 -07:00
parent 90f9d9eda1
commit c40a71e452


@@ -0,0 +1,181 @@
# TODO: Vault Sync for Howard (DESKTOP-0O8A1RL Session)
**Priority:** HIGH - Blocks Howard's remediation-tool usage
**Estimated time:** 5-10 minutes
**Created:** 2026-04-21 Mac session
---
## What I Need You to Do
Howard is blocked on remediation-tool because the 5 new-tier app SOPS files are only on your Windows machine. They need to be committed to the shared vault repo so he can pull them on ACG-Tech03L.
---
## Step-by-Step Instructions
### 1. Navigate to Vault Repository
```bash
cd D:\vault
git status
```
**Expected:** You should see the vault repo is clean or has uncommitted SOPS files.
### 2. Verify the 5 New-Tier SOPS Files Exist
```bash
dir D:\vault\msp-tools\computerguru-*.sops.yaml
```
**You should see these 5 files:**
- `computerguru-security-investigator.sops.yaml`
- `computerguru-exchange-operator.sops.yaml`
- `computerguru-user-manager.sops.yaml`
- `computerguru-tenant-admin.sops.yaml`
- `computerguru-defender-addon.sops.yaml`
**If ANY are missing:** Stop and tell me which ones are missing. Don't proceed.
### 3. Check If Already Committed to Vault Repo
```bash
git ls-files D:\vault\msp-tools\computerguru-*.sops.yaml
```
**If all 5 files are listed:** They're already tracked. Skip to Step 5 (push).
**If none or only some are listed:** They need to be added. Proceed to Step 4.
### 4. Add the SOPS Files to Git
```bash
git add msp-tools/computerguru-security-investigator.sops.yaml
git add msp-tools/computerguru-exchange-operator.sops.yaml
git add msp-tools/computerguru-user-manager.sops.yaml
git add msp-tools/computerguru-tenant-admin.sops.yaml
git add msp-tools/computerguru-defender-addon.sops.yaml
```
**Or add them all at once:**
```bash
git add msp-tools/computerguru-*.sops.yaml
```
**Then commit:**
```bash
git commit -m "feat: add new-tier app suite SOPS files for team access
Adds 5 tiered MSP app credentials to shared vault:
- Security Investigator (Graph read-only + Exchange read)
- Exchange Operator (Exchange write)
- User Manager (Graph user/group write)
- Tenant Admin (Graph high-privilege)
- Defender Add-on (MDE only)
Unblocks Howard's remediation-tool usage on ACG-Tech03L.
Enables all machines to run breach checks against consented tenants.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"
```
### 5. Push to Vault Remote
```bash
git push origin main
```
**If push fails with auth error:** Check if you need to authenticate with Gitea.
**If push fails with "rejected":** Run `git pull --rebase origin main` first, then push again.
### 6. Verify Push Succeeded
```bash
git log -1 --oneline
```
Should show your commit at HEAD.
---
## What This Unblocks
**For Howard (ACG-Tech03L):**
1. He can pull vault: `cd D:/vault && git pull origin main`
2. All 5 SOPS files will appear in his `D:/vault/msp-tools/`
3. `get-token.sh` will work for all tiers
4. He can complete the Cascades spoofing hunt
5. He can run remediation-tool against any consented tenant
**For you (all machines):**
- Mac can clone vault and run remediation-tool (if needed)
- Windows continues to work as before
- Consistent vault state across all machines
---
## After Vault Sync - Notify Howard
Once pushed, send Howard a message (Slack/email/Teams):
```
Howard - Vault is synced.
Pull the latest on ACG-Tech03L:
cd D:/vault
git pull origin main
You should now have all 5 new-tier SOPS files in D:/vault/msp-tools/
Test token acquisition:
bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator
If that works, you can finish the Cascades spoofing hunt.
- Mike
```
---
## Troubleshooting
### "fatal: not a git repository"
**Problem:** You're not in the vault directory.
**Fix:** `cd D:\vault` and verify with `git status`
### "SOPS files don't exist"
**Problem:** The files might be in a different location or not created yet.
**Fix:** Search for them: `dir D:\vault\*.sops.yaml /s`
### "git push rejected"
**Problem:** Remote has changes you don't have locally.
**Fix:**
```bash
git pull --rebase origin main
git push origin main
```
### "Authentication failed"
**Problem:** Git credentials not cached.
**Fix:** Verify Gitea credentials or use SSH if configured.
---
## Quick Checklist
- [ ] Navigate to `D:\vault`
- [ ] Verify 5 SOPS files exist in `msp-tools/`
- [ ] Check if already tracked with `git ls-files`
- [ ] Add files with `git add msp-tools/computerguru-*.sops.yaml`
- [ ] Commit with detailed message
- [ ] Push to `origin main`
- [ ] Verify push succeeded
- [ ] Notify Howard
---
**Status:** Ready for Windows session
**Created by:** Mac session (Mikes-MacBook-Air.local)
**Next action:** Execute this checklist on DESKTOP-0O8A1RL
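Review bot: Step 4 stages and commits five credential files to the shared vault without first confirming that they are SOPS-encrypted, so a plaintext or partially encrypted file sitting in `msp-tools/` would be pushed as-is. Add a check between Steps 2 and 4 that each `computerguru-*.sops.yaml` carries the top-level `sops:` metadata block and that its secret values are `ENC[...]` strings, and stop if any file fails, the same way Step 2 stops on a missing file. Since the stated goal is that `get-token.sh` works on ACG-Tech03L after Howard pulls, it is also worth confirming that his key is among each file's recipients before pushing. Two smaller points: Step 3 skips straight to the push when all five files are tracked, but `git ls-files` says nothing about uncommitted modifications to tracked files, so `git status --short msp-tools/` is the safer test; and Step 6's `git log -1 --oneline` only shows the local HEAD, so a comparison against `origin/main` (for example `git status -sb` after the push) is what confirms the push landed. The `bash` fences in Steps 1 to 3 use `dir` and backslash paths, which are cmd syntax, while Step 4 onward uses forward slashes; pick one shell for the checklist and make the fences and paths match it.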