# Credentials & Authorization Reference **Last Updated:** 2026-03-24 **Purpose:** Centralized credentials for Claude Code context recovery **Project:** ClaudeTools MSP Work Tracking System **Backend:** 1Password (vaults: Infrastructure, Clients, Projects, MSP Tools) ## How to Read Secrets ```bash # Single field op read "op://VaultName/ItemTitle/field_name" # Full item op item get "ItemTitle" --vault VaultName # With service account (no biometric) export OP_SERVICE_ACCOUNT_TOKEN="op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential" ``` --- ## Infrastructure - SSH Access ### GuruRMM Server (172.16.3.30) - **Host:** 172.16.3.30 - **Hostname:** gururmm / gururmm-build - **User:** op://Infrastructure/GuruRMM Server/username - **SSH Password:** op://Infrastructure/GuruRMM Server/password - **Sudo Password:** op://Infrastructure/GuruRMM Server/password - **SSH Port:** 22 - **Role:** Production server hosting ClaudeTools database and API, GuruRMM system, cross-platform builds - **Services:** - MariaDB 10.6.22 (Port 3306) - PostgreSQL 14 (Port 5432) - ClaudeTools API (Port 8001) - GuruRMM API (Port 3001) - Nginx reverse proxy (Port 80/443) - **ClaudeTools Database:** - Database: claudetools - User: op://Infrastructure/GuruRMM Server/Databases.MariaDB User - Password: op://Infrastructure/GuruRMM Server/Databases.MariaDB Password - **GuruRMM Database (PostgreSQL):** - Database: gururmm - User: op://Infrastructure/GuruRMM Server/Databases.PostgreSQL User - Password: op://Infrastructure/GuruRMM Server/Databases.PostgreSQL Password - Connection: postgres://[user]:[pass]@172.16.3.30:5432/gururmm - **GuruRMM API Access:** - Base URL: http://172.16.3.30:3001 - Production URL: https://rmm-api.azcomputerguru.com - Admin Email: op://Infrastructure/GuruRMM Server/GuruRMM API.Admin Email - Admin Password: op://Infrastructure/GuruRMM Server/GuruRMM API.Admin Password - JWT Secret: op://Infrastructure/GuruRMM Server/GuruRMM API.JWT Secret - **OS:** Ubuntu 22.04 LTS - **SSH Keys:** guru@wsl, guru@gururmm-build (ed25519) ### Jupiter (Unraid Primary - 172.16.3.20) - **Host:** 172.16.3.20 - **User:** op://Infrastructure/Jupiter (Unraid Primary)/username - **SSH Port:** 22 - **Password:** op://Infrastructure/Jupiter (Unraid Primary)/password - **WebUI Password:** op://Infrastructure/Jupiter (Unraid Primary)/password - **Role:** Primary container host, Gitea server, NPM, GuruRMM, Seafile - **Services:** - Gitea (Port 3000, SSH 2222) - Docker containers - NPM (Nginx Proxy Manager) - Ports 1880 (HTTP), 18443 (HTTPS), 7818 (admin) - GuruRMM API (Port 3001) - Seafile Pro (Port 8082) - **iDRAC (Dell Remote Management):** - IP: 172.16.1.73 (DHCP) - User: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC User - Password: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC Password - IPMI Key: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.IPMI Key - Web UI: https://172.16.1.73/ - **SSH Keys:** claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519) ### IX Server (Hosting - 172.16.3.10) - **Host:** ix.azcomputerguru.com - **Internal IP:** 172.16.3.10 - **External IP:** 72.194.62.5 - **User:** op://Infrastructure/IX Server/username - **SSH Port:** 22 - **Password:** op://Infrastructure/IX Server/password - **OS:** Rocky Linux (WHM/cPanel) - **Role:** Primary cPanel hosting server for client websites (80+ accounts) - **Services:** - WHM (Web Host Manager) - Port 2087 - cPanel - Port 2083 - Apache/LiteSpeed web server - MariaDB (multiple client databases) - PHP-FPM - **Access Methods:** - SSH (external): ssh root@ix.azcomputerguru.com - SSH (internal): ssh root@172.16.3.10 - WHM: https://ix.azcomputerguru.com:2087 - cPanel: https://ix.azcomputerguru.com:2083 - **VPN Required:** Yes (for external SSH access) - **Hosted Sites:** 40+ WordPress sites ### WebSvr (Legacy Hosting - websvr.acghosting.com) - **Host:** websvr.acghosting.com - **External IP:** 162.248.93.81 - **User:** op://Infrastructure/WebSvr (Legacy Hosting)/username - **SSH Port:** 22 - **Password:** op://Infrastructure/WebSvr (Legacy Hosting)/password - **OS:** CentOS 7 (WHM/cPanel) - **Role:** Legacy cPanel hosting server, DNS management for ACG Hosting domains - **API Token:** op://Infrastructure/WebSvr (Legacy Hosting)/API.API Token - **Status:** Active - DNS management, some legacy sites ### pfSense Firewall (172.16.0.1) - **Host:** 172.16.0.1 - **SSH Port:** 2248 - **User:** op://Infrastructure/pfSense Firewall/username - **Password:** op://Infrastructure/pfSense Firewall/password - **OS:** FreeBSD (pfSense 2.8.1) - **Role:** Primary network firewall, VPN gateway, Tailscale gateway - **Services:** - Firewall rules - VPN server - Tailscale subnet router - DHCP server - **Tailscale:** - Tailscale IP: 100.79.69.82 (pfsense-1) / 100.119.153.74 (pfsense-2) - Subnet Routes: 172.16.0.0/22 - **Web UI:** https://172.16.0.1 - **Status:** CRITICAL PRODUCTION - Network gateway - **Network:** - LAN Subnet: 172.16.0.0/16 - OpenVPN: 192.168.6.0/24 - WAN (Fiber): 98.181.90.163/31 - Public IPs: 72.194.62.2-10, 70.175.28.51-57 ### Saturn (172.16.3.21) - DECOMMISSIONED - **Host:** 172.16.3.21 - **User:** op://Infrastructure/Saturn (DECOMMISSIONED)/username - **Password:** op://Infrastructure/Saturn (DECOMMISSIONED)/password - **OS:** Unraid 6.x - **Status:** DECOMMISSIONED - Migration to Jupiter complete (Seafile migrated 2025-12-27) ### OwnCloud VM (172.16.3.22) - **Host:** 172.16.3.22 - **Hostname:** cloud.acghosting.com - **User:** op://Infrastructure/OwnCloud VM/username - **Password:** op://Infrastructure/OwnCloud VM/password - **OS:** Rocky Linux 9.6 - **Role:** OwnCloud file synchronization server ### VMware Workstation Pro (192.168.3.24) - **Host:** 192.168.3.24 - **User:** op://Infrastructure/VMware Workstation/username - **Password:** op://Infrastructure/VMware Workstation/password ### HP iLO (172.16.9.125) - **Host:** 172.16.9.125 - **User:** op://Infrastructure/HP iLO/username - **Password:** op://Infrastructure/HP iLO/password --- ## External/Client Servers ### GoDaddy VPS (208.109.235.224) - Grabb & Durando - **Host:** 208.109.235.224 - **User:** root - **Auth:** SSH key (id_ed25519) - **OS:** CloudLinux 9.6 - **Status:** OFFLINE - migration complete - **Database Credentials:** op://Clients/GoDaddy VPS - Grabb & Durando (OFFLINE)/Database.* ### Neptune Exchange Server (67.206.163.124) - **Hostname:** neptune.acghosting.com - **Public IP:** 67.206.163.124 - **Internal IP:** 172.16.3.11 (requires Dataforth VPN) - **Admin User:** op://Clients/Neptune Exchange Server/username - **Admin Password:** op://Clients/Neptune Exchange Server/password - **Exchange Version:** Exchange Server 2016 - **OWA URL:** https://neptune.acghosting.com/owa/ - **Status:** Active - **Notes:** Requires VPN access (OpenVPN to Dataforth network) --- ## Dataforth Infrastructure ### ESXi Host (192.168.0.122) - **Host:** 192.168.0.122 - **User:** op://Clients/Dataforth ESXi 122/username - **Password:** op://Clients/Dataforth ESXi 122/password - **Web UI:** https://192.168.0.122 - **SSH User:** op://Clients/Dataforth ESXi 122/SSH.SSH User - **SSH Password:** op://Clients/Dataforth ESXi 122/SSH.SSH Password - **VMs:** AD1, AD2, FILES-D1, PBX ### ESXi Host (192.168.0.124) - **Host:** 192.168.0.124 - **User:** op://Clients/Dataforth ESXi 124/username - **Password:** op://Clients/Dataforth ESXi 124/password ### PBX (192.168.100.2) - **Host:** 192.168.100.2 - **Hostname:** pbx.intranet.dataforth.com - **User:** op://Clients/Dataforth PBX/username - **Password:** op://Clients/Dataforth PBX/password - **OS:** Debian 12 (Sangoma FreePBX 17) - **Network:** VLAN100 (192.168.100.0/24) - **SIP Trunk:** FirstDigital (66.7.123.215, PJSIP) - **Extensions:** 201-343 range (~35 endpoints) ### AD2 (Production Server - 192.168.0.6) - **Host:** 192.168.0.6 - **Hostname:** AD2.intranet.dataforth.com - **Domain:** INTRANET - **User:** op://Clients/Dataforth AD2/username - **Password:** op://Clients/Dataforth AD2/password - **OS:** Windows Server 2022 - **Role:** Production server, Secondary Domain Controller - **Service Account:** - User: op://Clients/Dataforth AD2/Service Account.Service User - Password: op://Clients/Dataforth AD2/Service Account.Service Password - UPN: ClaudeTools-ReadOnly@dataforth.local - **Notes:** SMB1 disabled for security (after crypto attack). WinRM port 5985, SSH port 22. ### AD1 (Primary Domain Controller - 192.168.0.27) - **IP:** 192.168.0.27 - **Hostname:** AD1.intranet.dataforth.com - **User:** op://Clients/Dataforth AD1/username - **Password:** op://Clients/Dataforth AD1/password - **Role:** Primary DC, NPS/RADIUS server - **NPS Ports:** 1812/1813 (auth/accounting) ### D2TESTNAS (SMB1 Proxy - 192.168.0.9) - **Host:** 192.168.0.9 - **SSH User:** op://Clients/Dataforth D2TESTNAS/username - **SSH Password:** op://Clients/Dataforth D2TESTNAS/password - **Web User:** op://Clients/Dataforth D2TESTNAS/Web.Web User - **Web Password:** op://Clients/Dataforth D2TESTNAS/Web.Web Password - **Engineer Access:** op://Clients/Dataforth D2TESTNAS/SMB.Engineer User / op://Clients/Dataforth D2TESTNAS/SMB.Engineer Password - **Role:** SMB1 proxy/bridge for DOS 6.22 machines - **Shares:** \\D2TESTNAS\test (T:), \\D2TESTNAS\datasheets (X:) ### Dataforth DOS Machines (TS-XX) - **Network:** 192.168.0.0/24 - **OS:** MS-DOS 6.22 - **Count:** ~30 machines for QC testing - **Credentials:** None (local DOS machines, NULL SMB passwords) - **Network Drives:** T: = \\D2TESTNAS\test, X: = \\D2TESTNAS\datasheets ### UDM (UniFi Dream Machine - 192.168.0.254) - **IP:** 192.168.0.254 - **SSH User:** op://Clients/Dataforth UDM/username - **SSH Password:** op://Clients/Dataforth UDM/password - **Web User:** op://Clients/Dataforth UDM/Web.Web User - **Web Password:** op://Clients/Dataforth UDM/Web.Web Password - **Notes:** 2FA push enabled. OpenVPN 192.168.6.0/24. --- ## Services - Web Applications ### Gitea (Git Server) - **URL:** https://git.azcomputerguru.com/ - **SSH:** ssh://git@172.16.3.20:2222 - **Username:** op://Infrastructure/Gitea/username - **Password:** op://Infrastructure/Gitea/password - **API Token:** op://Infrastructure/Gitea/API.API Token - **Repository:** azcomputerguru/ClaudeTools, azcomputerguru/claude-projects ### NPM (Nginx Proxy Manager) - **Admin URL:** http://172.16.3.20:7818 - **User:** op://Infrastructure/NPM (Nginx Proxy Manager)/username - **Password:** op://Infrastructure/NPM (Nginx Proxy Manager)/password - **Cloudflare API Token:** op://Infrastructure/NPM (Nginx Proxy Manager)/Cloudflare.Cloudflare API Token - **Proxy Hosts:** - emby.azcomputerguru.com -> 172.16.2.99:8096 - git.azcomputerguru.com -> 172.16.3.20:3000 - plexrequest.azcomputerguru.com -> 172.16.3.31:5055 - rmm-api.azcomputerguru.com -> 172.16.3.20:3001 - unifi.azcomputerguru.com -> 172.16.3.28:8443 - sync.azcomputerguru.com -> 172.16.3.20:8082 ### ClaudeTools API (Production) - **URL:** http://172.16.3.30:8001 - **Docs:** http://172.16.3.30:8001/api/docs - **Database:** op://Projects/ClaudeTools Database/* - **Auth:** JWT tokens (POST /api/auth/token) - **JWT Secret:** op://Projects/ClaudeTools API Auth/credential - **Test User:** op://Projects/ClaudeTools API Auth/Test Email / op://Projects/ClaudeTools API Auth/Test Password ### Seafile Pro (File Sync) - **URL:** https://sync.azcomputerguru.com - **Username:** op://Infrastructure/Seafile Pro/username - **Password:** op://Infrastructure/Seafile Pro/password - **Database:** op://Infrastructure/Seafile Pro/Database.* - **Microsoft Graph API:** op://Infrastructure/Seafile Pro/Microsoft Graph.* - **Storage:** 11.8TB ### Cloudflare - **API Token (Full DNS):** op://Infrastructure/Cloudflare/API Token Full DNS - **API Token (Legacy):** op://Infrastructure/Cloudflare/API Token Legacy - **Domain:** azcomputerguru.com ### Matomo Analytics - **URL:** https://analytics.azcomputerguru.com - **Username:** op://Infrastructure/Matomo Analytics/username - **Password:** op://Infrastructure/Matomo Analytics/password - **Database:** op://Infrastructure/Matomo Analytics/Database.* - **Site IDs:** 1=azcomputerguru.com, 2=community forum, 3=radio show --- ## Projects - ClaudeTools ### Database (MariaDB) - **Host:** 172.16.3.30 - **Port:** 3306 - **Database:** claudetools - **User:** op://Projects/ClaudeTools Database/username - **Password:** op://Projects/ClaudeTools Database/password - **Connection String:** op://Projects/ClaudeTools Database/Connection String - **Tables:** 38 tables (fully migrated) - **Encryption:** AES-256-GCM for credentials table ### Encryption Keys - **Method:** AES-256-GCM (Fernet) - **Key:** op://Projects/ClaudeTools Encryption Key/credential - **Key Storage:** Environment variable ENCRYPTION_KEY - **Warning:** DO NOT COMMIT TO GIT ### API Authentication - **Method:** JWT tokens - **JWT Secret:** op://Projects/ClaudeTools API Auth/credential - **Token Endpoint:** POST /api/auth/token - **Test User:** op://Projects/ClaudeTools API Auth/Test Email - **Test Password:** op://Projects/ClaudeTools API Auth/Test Password --- ## Projects - GuruRMM ### Dashboard/API Login - **URL:** https://rmm.azcomputerguru.com - **Email:** op://Projects/GuruRMM Dashboard/username - **Password:** op://Projects/GuruRMM Dashboard/password ### Database (PostgreSQL) - **Host:** 172.16.3.30 - **Port:** 5432 - **Database:** gururmm - **User:** op://Projects/GuruRMM Database/username - **Password:** op://Projects/GuruRMM Database/password - **Connection:** op://Projects/GuruRMM Database/Connection String ### API Server - **External URL:** https://rmm-api.azcomputerguru.com - **Internal URL:** http://172.16.3.30:3001 - **JWT Secret:** op://Projects/GuruRMM API Server/credential ### Microsoft Entra ID (SSO) - **App ID:** op://Projects/GuruRMM Entra SSO/App Registration.App ID - **Client Secret:** op://Projects/GuruRMM Entra SSO/App Registration.Client Secret - **Secret Expires:** 2026-12-21 - **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback ### CI/CD (Build Automation) - **Webhook URL:** http://172.16.3.30/webhook/build - **Webhook Secret:** op://Projects/GuruRMM CI-CD/credential - **Build Script:** /opt/gururmm/build-agents.sh - **Deploy Path:** /var/www/gururmm/downloads/ ### Clients & Sites #### Glaztech Industries (GLAZ) - **Site Code:** DARK-GROVE-7839 - **API Key:** op://Projects/GuruRMM Glaztech Site/credential #### AZ Computer Guru (Internal) - **Site Code:** SWIFT-CLOUD-6910 --- ## Projects - GuruConnect ### Database (PostgreSQL) - **Host:** localhost (172.16.3.30) - **Port:** 5432 - **Database:** guruconnect - **User:** op://Projects/GuruConnect Database/username - **Password:** op://Projects/GuruConnect Database/password - **DATABASE_URL:** op://Projects/GuruConnect Database/DATABASE_URL --- ## Client - MVAN Inc ### Microsoft 365 Tenant 1 - **Tenant:** mvan.onmicrosoft.com - **Admin User:** op://Clients/MVAN M365/username - **Password:** op://Clients/MVAN M365/password --- ## Client - BG Builders LLC ### Microsoft 365 Tenant - **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27 - **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com - **Admin User:** op://Clients/BG Builders M365/username - **Password:** op://Clients/BG Builders M365/password - **Cloudflare Zone ID:** op://Clients/BG Builders M365/Cloudflare Zone ID - **Licenses:** 8x Business Standard, 4x Exchange Online Plan 1, 1x Basic ### Email Security (Configured 2025-12-19) | Record | Status | Details | |--------|--------|---------| | SPF | OK | `v=spf1 include:spf.protection.outlook.com -all` | | DMARC | OK | `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com` | | DKIM | OK | selector1/selector2 CNAMEs configured | | MX | OK | bgbuildersllc-com.mail.protection.outlook.com | --- ## Client - CW Concrete LLC ### Microsoft 365 Tenant - **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711 - **Default Domain:** NETORGFT11452752.onmicrosoft.com - **Notes:** De-federated from GoDaddy 2025-12 --- ## Client - Dataforth ### Microsoft 365 - **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584 - **Admin:** op://Clients/Dataforth M365/username / op://Clients/Dataforth M365/password - **Entra App (Claude-Code-M365):** - App ID: op://Clients/Dataforth M365/Entra App.App ID - Client Secret: op://Clients/Dataforth M365/Entra App.Client Secret - Expires: 2027-12-22 ### NPS RADIUS Configuration - **Server:** 192.168.0.27 (AD1) - **Port:** 1812/UDP (auth), 1813/UDP (accounting) - **Shared Secret:** op://Clients/Dataforth M365/NPS RADIUS.Shared Secret - **RADIUS Client:** unifi (192.168.0.254) --- ## Client - Valley Wide Plastering (VWP) ### UDM - **IP:** 172.16.9.1 - **User:** op://Clients/VWP UDM/username - **Password:** op://Clients/VWP UDM/password ### VWP-DC1 - **IP:** 172.16.9.2 - **Hostname:** VWP-DC1.VWP.US - **User:** op://Clients/VWP DC1/username - **Password:** op://Clients/VWP DC1/password - **NPS RADIUS Shared Secret:** op://Clients/VWP DC1/NPS.Shared Secret ### Citrix XenServer - **Management IP:** 192.168.0.104 - **User:** op://Clients/VWP XenServer/username - **Password:** op://Clients/VWP XenServer/password - **iDRAC IP:** 192.168.3.30 - **iDRAC User/Pass:** op://Clients/VWP XenServer/iDRAC.* ### QuickBooks Server iDRAC - **iDRAC IP:** 192.168.3.189 - **User:** op://Clients/VWP QuickBooks Server iDRAC/username - **Password:** op://Clients/VWP QuickBooks Server iDRAC/password --- ## Client - Khalsa ### UCG - **IP:** 172.16.50.1 - **User:** op://Clients/Khalsa UCG/username - **Password:** op://Clients/Khalsa UCG/password ### Switch - **User:** op://Clients/Khalsa Switch/username - **Password:** op://Clients/Khalsa Switch/password ### Accountant Machine (172.16.50.168) - **User:** op://Clients/Khalsa Accountant Machine/username - **Password:** op://Clients/Khalsa Accountant Machine/password - **Local Admin:** op://Clients/Khalsa Accountant Machine/Local Admin User / op://Clients/Khalsa Accountant Machine/Local Admin Password --- ## Client - Scileppi Law Firm ### RS2212+ (Primary NAS) - **IP:** 172.16.1.59 - **User:** op://Clients/Scileppi RS2212+/username - **Password:** op://Clients/Scileppi RS2212+/password - **Storage:** 25TB total, 6.9TB used - **User Accounts:** op://Clients/Scileppi RS2212+/Users.* ### DS214se / Unraid (POWERED OFF) - Credentials in op://Clients/Scileppi DS214se (POWERED OFF)/* and op://Clients/Scileppi Unraid (POWERED OFF)/* --- ## Client - heieck.org ### Microsoft 365 Migration - **Tenant:** heieckorg.onmicrosoft.com - **Mailbox passwords:** op://Clients/heieck.org M365/* --- ## MSP Tools ### Syncro (PSA/RMM) - **API Base URL:** https://computerguru.syncromsp.com/api/v1 - **API Key:** op://MSP Tools/Syncro/credential ### Autotask (PSA) - **API Zone:** webservices5.autotask.net - **API Username:** op://MSP Tools/Autotask/API Username - **API Password:** op://MSP Tools/Autotask/API Password - **Integration Code:** op://MSP Tools/Autotask/credential ### CIPP (M365 Management) - **URL:** https://cippcanvb.azurewebsites.net - **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d - **App ID:** op://MSP Tools/CIPP/OAuth.App ID - **Client Secret:** op://MSP Tools/CIPP/OAuth.Client Secret - **Scope:** op://MSP Tools/CIPP/OAuth.Scope ### Claude-MSP-Access (Multi-Tenant Graph API) - **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d - **App ID:** op://MSP Tools/Claude-MSP-Access (Graph API)/App ID - **Client Secret:** op://MSP Tools/Claude-MSP-Access (Graph API)/credential ### ACG-MSP-Access (Google Workspace) - **Service Account:** op://MSP Tools/ACG-MSP-Access (Google Workspace)/Service Account Email - **Key File:** temp/acg-msp-access-8f72339997e5.json - **Onboarded Tenants:** lonestarelectrical.net --- ## VPN Access ### Peaceful Spirit VPN (L2TP/IPSec) - **Server IP:** 98.190.129.150 - **Username:** op://Clients/Peaceful Spirit VPN/username - **Password:** op://Clients/Peaceful Spirit VPN/password - **Pre-Shared Key:** op://Clients/Peaceful Spirit VPN/VPN.Pre-Shared Key - **Remote Network:** 192.168.0.0/24 --- ## Tailscale Network | Tailscale IP | Hostname | Owner | OS | Notes | |--------------|----------|-------|-----|-------| | 100.79.69.82 | pfsense-1 | mike@ | freebsd | Gateway | | 100.125.36.6 | acg-m-l5090 | mike@ | windows | Workstation | | 100.92.230.111 | acg-tech-01l | mike@ | windows | Tech laptop | | 100.96.135.117 | acg-tech-02l | mike@ | windows | Tech laptop | | 100.113.45.7 | acg-tech03l | howard@ | windows | Tech laptop | | 100.77.166.22 | desktop-hjfjtep | mike@ | windows | Desktop | | 100.101.145.100 | guru-legion9 | mike@ | windows | Laptop | | 100.119.194.51 | guru-surface8 | howard@ | windows | Surface | | 100.66.103.110 | magus-desktop | rob@ | windows | Desktop | | 100.66.167.120 | magus-pc | rob@ | windows | Workstation | --- ## SSH Public Keys ### guru@wsl (Windows/WSL) - **Key Type:** ssh-ed25519 - **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl - **Sudo Password:** op://Infrastructure/GuruRMM Server/password (same as SSH) - **Authorized on:** GuruRMM build server, IX server, Jupiter, Saturn ### azcomputerguru@local (Mac) - **Key Type:** ssh-ed25519 - **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local - **Authorized on:** GuruRMM build server, IX server, AD2, D2TESTNAS ### claude-code@localadmin (Windows) - **Key Type:** ssh-ed25519 - **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABnQjolTxDtfqOwdDjamK1oyFPiQnaNT/tAgsIHH1Zo - **Authorized On:** pfSense --- ## 1Password Service Account - **Item:** op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential - **Vaults Accessible:** Infrastructure, Clients, Projects, MSP Tools (Read & Write) - **Usage:** Set OP_SERVICE_ACCOUNT_TOKEN env var for non-interactive CLI access --- ## Context Recovery Usage When a new Claude session starts or context is lost: 1. **Read this file first** - Get all infrastructure details and op:// paths 2. **Use `op read`** to fetch actual credentials as needed 3. **Check session-logs/** - Find recent work and decisions 4. **Read SESSION_STATE.md** - Get project status and phase **Quick credential fetch:** ```bash # Set service account token first export OP_SERVICE_ACCOUNT_TOKEN=$(op read "op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential") # Then read any credential op read "op://Infrastructure/IX Server/password" op read "op://Projects/ClaudeTools Database/password" op read "op://Clients/Dataforth AD2/password" ``` --- ## Security Notes - **Secrets are stored in 1Password** - op:// references are safe to commit to private repos - **Never commit resolved .env files** - only .env.tpl with op:// references - **ClaudeTools encrypts credentials in database with AES-256-GCM** - **Service account token** should be set as environment variable, not committed - **Rotate on exposure** - update in 1Password, re-inject everywhere