---
name: feedback_physical_access_codes
description: How to capture physical site-access codes (alarm/lockbox/door) — vault physical-access entry + wiki pointer
metadata:
  type: feedback
---

Physical site-access codes (alarm, lockbox, door/gate keypad, safe) are credentials — capture
them like any other secret (see [[feedback-vault-every-credential]]), but with this shape:

- **Vault:** `clients/<slug>/physical-access-<location>.sops.yaml`, `kind: physical-access`,
  codes under the encrypted `credentials:` block (`lockbox_code`, `main_door_code`,
  `alarm_code`, etc.), `location:` set, and a `notes:` line documenting what each code opens +
  who it belongs to (flag personal vs shared, e.g. "Mike's personal alarm code"). One entry per
  site/location when a client is multi-site.
- **Wiki:** add a `## Physical Access` section in `wiki/clients/<slug>.md` that POINTS to the
  vault path + the `vault get-field` command — never the raw codes. Add the vault file to the
  doc's `sources:` frontmatter.
- Never echo codes in chat/logs or commit plaintext.

**Why:** Mike floated a "notes section for alarm/lockbox codes" that was never built; the vault
`physical-access` kind + wiki pointer IS that implementation. First entry: Peaceful Spirit NW
(2026-06-14). **How to apply:** when any physical code surfaces, vault it this way + add the
wiki pointer; don't improvise a new location for it. If Mike wants a richer structured
site-notes UI later, that's a [[feedback_ct_thoughts_backlog]] item.