fix: vault path from per-machine identity.json, not hardcoded paths
- Add .claude/scripts/vault.sh wrapper (reads vault_path from identity.json) - get-token.sh + patch-tenant-admin-manifest.sh read identity.json for vault root - syncro.md uses wrapper via CLAUDETOOLS_ROOT - CLAUDE.md + ONBOARDING.md document the pattern and prompt for vault_path on onboarding - identity.json now includes vault_path (D:/vault on DESKTOP-0O8A1RL) Howard and Mac need vault_path added to their identity.json after pulling. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -81,13 +81,22 @@ if [[ -f "$CACHE_FILE" ]] && [[ $(find "$CACHE_FILE" -mmin -55 2>/dev/null) ]];
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Locate vault repo — candidates cover Windows (D:/vault), Git Bash (/d/vault),
|
||||
# Mac/Linux ($HOME/vault), and optional override via VAULT_PATH env var.
|
||||
VAULT_ROOT=""
|
||||
for candidate in "${VAULT_PATH:-}" "D:/vault" "$HOME/vault" "/d/vault" "$HOME/.vault"; do
|
||||
[[ -n "$candidate" && -d "$candidate" ]] && VAULT_ROOT="$candidate" && break
|
||||
done
|
||||
[[ -z "$VAULT_ROOT" ]] && { echo "ERROR: SOPS vault not found (tried D:/vault ~/vault /d/vault ~/.vault; set VAULT_PATH to override)" >&2; exit 3; }
|
||||
# Locate vault repo via .claude/identity.json (per-machine, gitignored).
|
||||
# Falls back to VAULT_PATH env var if set.
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
CLAUDETOOLS_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
|
||||
IDENTITY_FILE="$CLAUDETOOLS_ROOT/.claude/identity.json"
|
||||
|
||||
VAULT_ROOT="${VAULT_PATH:-}"
|
||||
if [[ -z "$VAULT_ROOT" && -f "$IDENTITY_FILE" ]]; then
|
||||
for py in py python3 python; do
|
||||
if command -v "$py" >/dev/null 2>&1; then
|
||||
VAULT_ROOT=$("$py" -c "import json; print(json.load(open('$IDENTITY_FILE')).get('vault_path',''))" 2>/dev/null) && break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
[[ -z "$VAULT_ROOT" ]] && { echo "ERROR: vault_path not set in $IDENTITY_FILE and VAULT_PATH env var not set" >&2; exit 3; }
|
||||
[[ ! -d "$VAULT_ROOT" ]] && { echo "ERROR: vault not found at $VAULT_ROOT (check vault_path in $IDENTITY_FILE)" >&2; exit 3; }
|
||||
|
||||
SOPS_FILE="$VAULT_ROOT/$VAULT_PATH"
|
||||
[[ ! -f "$SOPS_FILE" ]] && { echo "ERROR: vault file not found: $SOPS_FILE" >&2; exit 3; }
|
||||
|
||||
@@ -17,11 +17,20 @@ TENANT_ADMIN_APP_ID="709e6eed-0711-4875-9c44-2d3518c47063"
|
||||
GRAPH_RESOURCE_APP_ID="00000003-0000-0000-c000-000000000000"
|
||||
ROLE_MGMT_PERMISSION_ID="9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8"
|
||||
|
||||
VAULT_ROOT=""
|
||||
for candidate in "${VAULT_PATH:-}" "D:/vault" "$HOME/vault" "/d/vault" "$HOME/.vault"; do
|
||||
[[ -n "$candidate" && -d "$candidate" ]] && VAULT_ROOT="$candidate" && break
|
||||
done
|
||||
[[ -z "$VAULT_ROOT" ]] && { echo "[ERROR] SOPS vault not found (tried D:/vault ~/vault /d/vault ~/.vault; set VAULT_PATH to override)" >&2; exit 3; }
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
CLAUDETOOLS_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
|
||||
IDENTITY_FILE="$CLAUDETOOLS_ROOT/.claude/identity.json"
|
||||
|
||||
VAULT_ROOT="${VAULT_PATH:-}"
|
||||
if [[ -z "$VAULT_ROOT" && -f "$IDENTITY_FILE" ]]; then
|
||||
for py in py python3 python; do
|
||||
if command -v "$py" >/dev/null 2>&1; then
|
||||
VAULT_ROOT=$("$py" -c "import json; print(json.load(open('$IDENTITY_FILE')).get('vault_path',''))" 2>/dev/null) && break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
[[ -z "$VAULT_ROOT" ]] && { echo "[ERROR] vault_path not set in $IDENTITY_FILE and VAULT_PATH env var not set" >&2; exit 3; }
|
||||
[[ ! -d "$VAULT_ROOT" ]] && { echo "[ERROR] vault not found at $VAULT_ROOT (check vault_path in $IDENTITY_FILE)" >&2; exit 3; }
|
||||
|
||||
# ── Step 1: Get Management app client secret ──────────────────────────────────
|
||||
echo "[INFO] Reading Management app secret from vault..."
|
||||
|
||||
Reference in New Issue
Block a user