azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1191123602b9a8bf13aca32035f20d0e644ec68d
claudetools/credentials.md
Mike Swanson 232f463325 credentials.md: add Uranus entry, note IP reuse on Saturn 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 09:07:43 -07:00

649 lines
24 KiB
Markdown
Raw Blame History

# Credentials & Authorization Reference
**Last Updated:** 2026-03-24
**Purpose:** Centralized credentials for Claude Code context recovery
**Project:** ClaudeTools MSP Work Tracking System
**Backend:** 1Password (vaults: Infrastructure, Clients, Projects, MSP Tools)
## How to Read Secrets
```bash
# Single field
op read "op://VaultName/ItemTitle/field_name"
# Full item
op item get "ItemTitle" --vault VaultName
# With service account (no biometric)
export OP_SERVICE_ACCOUNT_TOKEN="op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential"
```
---
## Infrastructure - SSH Access
### GuruRMM Server (172.16.3.30)
- **Host:** 172.16.3.30
- **Hostname:** gururmm / gururmm-build
- **User:** op://Infrastructure/GuruRMM Server/username
- **SSH Password:** op://Infrastructure/GuruRMM Server/password
- **Sudo Password:** op://Infrastructure/GuruRMM Server/password
- **SSH Port:** 22
- **Role:** Production server hosting ClaudeTools database and API, GuruRMM system, cross-platform builds
- **Services:**
- MariaDB 10.6.22 (Port 3306)
- PostgreSQL 14 (Port 5432)
- ClaudeTools API (Port 8001)
- GuruRMM API (Port 3001)
- Nginx reverse proxy (Port 80/443)
- **ClaudeTools Database:**
- Database: claudetools
- User: op://Infrastructure/GuruRMM Server/Databases.MariaDB User
- Password: op://Infrastructure/GuruRMM Server/Databases.MariaDB Password
- **GuruRMM Database (PostgreSQL):**
- Database: gururmm
- User: op://Infrastructure/GuruRMM Server/Databases.PostgreSQL User
- Password: op://Infrastructure/GuruRMM Server/Databases.PostgreSQL Password
- Connection: postgres://[user]:[pass]@172.16.3.30:5432/gururmm
- **GuruRMM API Access:**
- Base URL: http://172.16.3.30:3001
- Production URL: https://rmm-api.azcomputerguru.com
- Admin Email: op://Infrastructure/GuruRMM Server/GuruRMM API.Admin Email
- Admin Password: op://Infrastructure/GuruRMM Server/GuruRMM API.Admin Password
- JWT Secret: op://Infrastructure/GuruRMM Server/GuruRMM API.JWT Secret
- **OS:** Ubuntu 22.04 LTS
- **SSH Keys:** guru@wsl, guru@gururmm-build (ed25519)
### Jupiter (Unraid Primary - 172.16.3.20)
- **Host:** 172.16.3.20
- **User:** op://Infrastructure/Jupiter (Unraid Primary)/username
- **SSH Port:** 22
- **Password:** op://Infrastructure/Jupiter (Unraid Primary)/password
- **WebUI Password:** op://Infrastructure/Jupiter (Unraid Primary)/password
- **Role:** Primary container host, Gitea server, NPM, GuruRMM, Seafile
- **Services:**
- Gitea (Port 3000, SSH 2222)
- Docker containers
- NPM (Nginx Proxy Manager) - Ports 1880 (HTTP), 18443 (HTTPS), 7818 (admin)
- GuruRMM API (Port 3001)
- Seafile Pro (Port 8082)
- **iDRAC (Dell Remote Management):**
- IP: 172.16.1.73 (DHCP)
- User: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC User
- Password: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.iDRAC Password
- IPMI Key: op://Infrastructure/Jupiter (Unraid Primary)/iDRAC.IPMI Key
- Web UI: https://172.16.1.73/
- **SSH Keys:** claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519)
### IX Server (Hosting - 172.16.3.10)
- **Host:** ix.azcomputerguru.com
- **Internal IP:** 172.16.3.10
- **External IP:** 72.194.62.5
- **User:** op://Infrastructure/IX Server/username
- **SSH Port:** 22
- **Password:** op://Infrastructure/IX Server/password
- **OS:** Rocky Linux (WHM/cPanel)
- **Role:** Primary cPanel hosting server for client websites (80+ accounts)
- **Services:**
- WHM (Web Host Manager) - Port 2087
- cPanel - Port 2083
- Apache/LiteSpeed web server
- MariaDB (multiple client databases)
- PHP-FPM
- **Access Methods:**
- SSH (external): ssh root@ix.azcomputerguru.com
- SSH (internal): ssh root@172.16.3.10
- WHM: https://ix.azcomputerguru.com:2087
- cPanel: https://ix.azcomputerguru.com:2083
- **VPN Required:** Yes (for external SSH access)
- **Hosted Sites:** 40+ WordPress sites
### WebSvr (Legacy Hosting - websvr.acghosting.com)
- **Host:** websvr.acghosting.com
- **External IP:** 162.248.93.81
- **User:** op://Infrastructure/WebSvr (Legacy Hosting)/username
- **SSH Port:** 22
- **Password:** op://Infrastructure/WebSvr (Legacy Hosting)/password
- **OS:** CentOS 7 (WHM/cPanel)
- **Role:** Legacy cPanel hosting server, DNS management for ACG Hosting domains
- **API Token:** op://Infrastructure/WebSvr (Legacy Hosting)/API.API Token
- **Status:** Active - DNS management, some legacy sites
### pfSense Firewall (172.16.0.1)
- **Host:** 172.16.0.1
- **SSH Port:** 2248
- **User:** op://Infrastructure/pfSense Firewall/username
- **Password:** op://Infrastructure/pfSense Firewall/password
- **OS:** FreeBSD (pfSense 2.8.1)
- **Role:** Primary network firewall, VPN gateway, Tailscale gateway
- **Services:**
- Firewall rules
- VPN server
- Tailscale subnet router
- DHCP server
- **Tailscale:**
- Tailscale IP: 100.79.69.82 (pfsense-1) / 100.119.153.74 (pfsense-2)
- Subnet Routes: 172.16.0.0/22
- **Web UI:** https://172.16.0.1
- **Status:** CRITICAL PRODUCTION - Network gateway
- **Network:**
- LAN Subnet: 172.16.0.0/16
- OpenVPN: 192.168.6.0/24
- WAN (Fiber): 98.181.90.163/31
- Public IPs: 72.194.62.2-10, 70.175.28.51-57
### Saturn - DECOMMISSIONED
- **Host:** formerly 172.16.3.21 (IP reused by Uranus 2026-04)
- **User:** op://Infrastructure/Saturn (DECOMMISSIONED)/username
- **Password:** op://Infrastructure/Saturn (DECOMMISSIONED)/password
- **OS:** Unraid 6.x
- **Status:** DECOMMISSIONED - Migration to Jupiter complete (Seafile migrated 2025-12-27)
### Uranus (Unraid Secondary - 172.16.3.21)
- **Host:** 172.16.3.21
- **Hostname:** Uranus
- **User:** root
- **Password:** `bash D:/vault/scripts/vault.sh get-field infrastructure/uranus-unraid.sops.yaml credentials.password`
- **OS:** Unraid 7.2.4 (kernel 6.12.54)
- **Hardware:** Dell PowerEdge R730xd
- **CPU:** Intel Xeon E5-2630 v3 @ 2.40GHz, 32 threads
- **RAM:** 7.7 GiB (LOW — upgrade planned before Windows build VM deploys)
- **Array:** 6+ x 12 TB + 16 TB drives (~75 TB raw)
- **Role:** Additional storage, Pavon Archive (SMB share `Storage`), future Windows build VM
- **History:** Formerly 'Pavon' server at 172.16.1.33 (client-side). Renamed and re-IP'd April 2026 when moved into ACG infrastructure.
- **OwnCloud integration:** external storage mount ID 6 on `cloud.acghosting.com` — SMB `Storage` share mounted as `/Archive` for user `pavon`.
### OwnCloud VM (172.16.3.22)
- **Host:** 172.16.3.22
- **Hostname:** cloud.acghosting.com
- **User:** op://Infrastructure/OwnCloud VM/username
- **Password:** op://Infrastructure/OwnCloud VM/password
- **OS:** Rocky Linux 9.6
- **Role:** OwnCloud file synchronization server
### VMware Workstation Pro (192.168.3.24)
- **Host:** 192.168.3.24
- **User:** op://Infrastructure/VMware Workstation/username
- **Password:** op://Infrastructure/VMware Workstation/password
### HP iLO (172.16.9.125)
- **Host:** 172.16.9.125
- **User:** op://Infrastructure/HP iLO/username
- **Password:** op://Infrastructure/HP iLO/password
---
## External/Client Servers
### GoDaddy VPS (208.109.235.224) - Grabb & Durando
- **Host:** 208.109.235.224
- **User:** root
- **Auth:** SSH key (id_ed25519)
- **OS:** CloudLinux 9.6
- **Status:** OFFLINE - migration complete
- **Database Credentials:** op://Clients/GoDaddy VPS - Grabb & Durando (OFFLINE)/Database.*
### Neptune Exchange Server (67.206.163.124)
- **Hostname:** neptune.acghosting.com
- **Public IP:** 67.206.163.124
- **Internal IP:** 172.16.3.11 (requires Dataforth VPN)
- **Admin User:** op://Clients/Neptune Exchange Server/username
- **Admin Password:** op://Clients/Neptune Exchange Server/password
- **Exchange Version:** Exchange Server 2016
- **OWA URL:** https://neptune.acghosting.com/owa/
- **Status:** Active
- **Notes:** Requires VPN access (OpenVPN to Dataforth network)
---
## Dataforth Infrastructure
### ESXi Host (192.168.0.122)
- **Host:** 192.168.0.122
- **User:** op://Clients/Dataforth ESXi 122/username
- **Password:** op://Clients/Dataforth ESXi 122/password
- **Web UI:** https://192.168.0.122
- **SSH User:** op://Clients/Dataforth ESXi 122/SSH.SSH User
- **SSH Password:** op://Clients/Dataforth ESXi 122/SSH.SSH Password
- **VMs:** AD1, AD2, FILES-D1, PBX
### ESXi Host (192.168.0.124)
- **Host:** 192.168.0.124
- **User:** op://Clients/Dataforth ESXi 124/username
- **Password:** op://Clients/Dataforth ESXi 124/password
### PBX (192.168.100.2)
- **Host:** 192.168.100.2
- **Hostname:** pbx.intranet.dataforth.com
- **User:** op://Clients/Dataforth PBX/username
- **Password:** op://Clients/Dataforth PBX/password
- **OS:** Debian 12 (Sangoma FreePBX 17)
- **Network:** VLAN100 (192.168.100.0/24)
- **SIP Trunk:** FirstDigital (66.7.123.215, PJSIP)
- **Extensions:** 201-343 range (~35 endpoints)
### AD2 (Production Server - 192.168.0.6)
- **Host:** 192.168.0.6
- **Hostname:** AD2.intranet.dataforth.com
- **Domain:** INTRANET
- **User:** op://Clients/Dataforth AD2/username
- **Password:** op://Clients/Dataforth AD2/password
- **OS:** Windows Server 2022
- **Role:** Production server, Secondary Domain Controller
- **Service Account:**
- User: op://Clients/Dataforth AD2/Service Account.Service User
- Password: op://Clients/Dataforth AD2/Service Account.Service Password
- UPN: ClaudeTools-ReadOnly@dataforth.local
- **Notes:** SMB1 disabled for security (after crypto attack). WinRM port 5985, SSH port 22.
### AD1 (Primary Domain Controller - 192.168.0.27)
- **IP:** 192.168.0.27
- **Hostname:** AD1.intranet.dataforth.com
- **User:** op://Clients/Dataforth AD1/username
- **Password:** op://Clients/Dataforth AD1/password
- **Role:** Primary DC, NPS/RADIUS server
- **NPS Ports:** 1812/1813 (auth/accounting)
### D2TESTNAS (SMB1 Proxy - 192.168.0.9)
- **Host:** 192.168.0.9
- **SSH User:** op://Clients/Dataforth D2TESTNAS/username
- **SSH Password:** op://Clients/Dataforth D2TESTNAS/password
- **Web User:** op://Clients/Dataforth D2TESTNAS/Web.Web User
- **Web Password:** op://Clients/Dataforth D2TESTNAS/Web.Web Password
- **Engineer Access:** op://Clients/Dataforth D2TESTNAS/SMB.Engineer User / op://Clients/Dataforth D2TESTNAS/SMB.Engineer Password
- **Role:** SMB1 proxy/bridge for DOS 6.22 machines
- **Shares:** \\D2TESTNAS\test (T:), \\D2TESTNAS\datasheets (X:)
### Dataforth DOS Machines (TS-XX)
- **Network:** 192.168.0.0/24
- **OS:** MS-DOS 6.22
- **Count:** ~30 machines for QC testing
- **Credentials:** None (local DOS machines, NULL SMB passwords)
- **Network Drives:** T: = \\D2TESTNAS\test, X: = \\D2TESTNAS\datasheets
### UDM (UniFi Dream Machine - 192.168.0.254)
- **IP:** 192.168.0.254
- **SSH User:** op://Clients/Dataforth UDM/username
- **SSH Password:** op://Clients/Dataforth UDM/password
- **Web User:** op://Clients/Dataforth UDM/Web.Web User
- **Web Password:** op://Clients/Dataforth UDM/Web.Web Password
- **Notes:** 2FA push enabled. OpenVPN 192.168.6.0/24.
---
## Services - Web Applications
### Gitea (Git Server)
- **URL:** https://git.azcomputerguru.com/
- **SSH:** ssh://git@172.16.3.20:2222
- **Username:** op://Infrastructure/Gitea/username
- **Password:** op://Infrastructure/Gitea/password
- **API Token:** op://Infrastructure/Gitea/API.API Token
- **Repository:** azcomputerguru/ClaudeTools, azcomputerguru/claude-projects
### NPM (Nginx Proxy Manager)
- **Admin URL:** http://172.16.3.20:7818
- **User:** op://Infrastructure/NPM (Nginx Proxy Manager)/username
- **Password:** op://Infrastructure/NPM (Nginx Proxy Manager)/password
- **Cloudflare API Token:** op://Infrastructure/NPM (Nginx Proxy Manager)/Cloudflare.Cloudflare API Token
- **Proxy Hosts:**
- emby.azcomputerguru.com -> 172.16.2.99:8096
- git.azcomputerguru.com -> 172.16.3.20:3000
- plexrequest.azcomputerguru.com -> 172.16.3.31:5055
- rmm-api.azcomputerguru.com -> 172.16.3.20:3001
- unifi.azcomputerguru.com -> 172.16.3.28:8443
- sync.azcomputerguru.com -> 172.16.3.20:8082
### ClaudeTools API (Production)
- **URL:** http://172.16.3.30:8001
- **Docs:** http://172.16.3.30:8001/api/docs
- **Database:** op://Projects/ClaudeTools Database/*
- **Auth:** JWT tokens (POST /api/auth/token)
- **JWT Secret:** op://Projects/ClaudeTools API Auth/credential
- **Test User:** op://Projects/ClaudeTools API Auth/Test Email / op://Projects/ClaudeTools API Auth/Test Password
### Seafile Pro (File Sync)
- **URL:** https://sync.azcomputerguru.com
- **Username:** op://Infrastructure/Seafile Pro/username
- **Password:** op://Infrastructure/Seafile Pro/password
- **Database:** op://Infrastructure/Seafile Pro/Database.*
- **Microsoft Graph API:** op://Infrastructure/Seafile Pro/Microsoft Graph.*
- **Storage:** 11.8TB
### Cloudflare
- **API Token (Full DNS):** op://Infrastructure/Cloudflare/API Token Full DNS
- **API Token (Legacy):** op://Infrastructure/Cloudflare/API Token Legacy
- **Domain:** azcomputerguru.com
### Matomo Analytics
- **URL:** https://analytics.azcomputerguru.com
- **Username:** op://Infrastructure/Matomo Analytics/username
- **Password:** op://Infrastructure/Matomo Analytics/password
- **Database:** op://Infrastructure/Matomo Analytics/Database.*
- **Site IDs:** 1=azcomputerguru.com, 2=community forum, 3=radio show
---
## Projects - ClaudeTools
### Database (MariaDB)
- **Host:** 172.16.3.30
- **Port:** 3306
- **Database:** claudetools
- **User:** op://Projects/ClaudeTools Database/username
- **Password:** op://Projects/ClaudeTools Database/password
- **Connection String:** op://Projects/ClaudeTools Database/Connection String
- **Tables:** 38 tables (fully migrated)
- **Encryption:** AES-256-GCM for credentials table
### Encryption Keys
- **Method:** AES-256-GCM (Fernet)
- **Key:** op://Projects/ClaudeTools Encryption Key/credential
- **Key Storage:** Environment variable ENCRYPTION_KEY
- **Warning:** DO NOT COMMIT TO GIT
### API Authentication
- **Method:** JWT tokens
- **JWT Secret:** op://Projects/ClaudeTools API Auth/credential
- **Token Endpoint:** POST /api/auth/token
- **Test User:** op://Projects/ClaudeTools API Auth/Test Email
- **Test Password:** op://Projects/ClaudeTools API Auth/Test Password
---
## Projects - GuruRMM
### Dashboard/API Login
- **URL:** https://rmm.azcomputerguru.com
- **Email:** op://Projects/GuruRMM Dashboard/username
- **Password:** op://Projects/GuruRMM Dashboard/password
### Database (PostgreSQL)
- **Host:** 172.16.3.30
- **Port:** 5432
- **Database:** gururmm
- **User:** op://Projects/GuruRMM Database/username
- **Password:** op://Projects/GuruRMM Database/password
- **Connection:** op://Projects/GuruRMM Database/Connection String
### API Server
- **External URL:** https://rmm-api.azcomputerguru.com
- **Internal URL:** http://172.16.3.30:3001
- **JWT Secret:** op://Projects/GuruRMM API Server/credential
### Microsoft Entra ID (SSO)
- **App ID:** op://Projects/GuruRMM Entra SSO/App Registration.App ID
- **Client Secret:** op://Projects/GuruRMM Entra SSO/App Registration.Client Secret
- **Secret Expires:** 2026-12-21
- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
### CI/CD (Build Automation)
- **Webhook URL:** http://172.16.3.30/webhook/build
- **Webhook Secret:** op://Projects/GuruRMM CI-CD/credential
- **Build Script:** /opt/gururmm/build-agents.sh
- **Deploy Path:** /var/www/gururmm/downloads/
### Clients & Sites
#### Glaztech Industries (GLAZ)
- **Site Code:** DARK-GROVE-7839
- **API Key:** op://Projects/GuruRMM Glaztech Site/credential
#### AZ Computer Guru (Internal)
- **Site Code:** SWIFT-CLOUD-6910
---
## Projects - GuruConnect
### Database (PostgreSQL)
- **Host:** localhost (172.16.3.30)
- **Port:** 5432
- **Database:** guruconnect
- **User:** op://Projects/GuruConnect Database/username
- **Password:** op://Projects/GuruConnect Database/password
- **DATABASE_URL:** op://Projects/GuruConnect Database/DATABASE_URL
---
## Client - MVAN Inc
### Microsoft 365 Tenant 1
- **Tenant:** mvan.onmicrosoft.com
- **Admin User:** op://Clients/MVAN M365/username
- **Password:** op://Clients/MVAN M365/password
---
## Client - BG Builders LLC
### Microsoft 365 Tenant
- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com
- **Admin User:** op://Clients/BG Builders M365/username
- **Password:** op://Clients/BG Builders M365/password
- **Cloudflare Zone ID:** op://Clients/BG Builders M365/Cloudflare Zone ID
- **Licenses:** 8x Business Standard, 4x Exchange Online Plan 1, 1x Basic
### Email Security (Configured 2025-12-19)
| Record | Status | Details |
|--------|--------|---------|
| SPF | OK | `v=spf1 include:spf.protection.outlook.com -all` |
| DMARC | OK | `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com` |
| DKIM | OK | selector1/selector2 CNAMEs configured |
| MX | OK | bgbuildersllc-com.mail.protection.outlook.com |
---
## Client - CW Concrete LLC
### Microsoft 365 Tenant
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Notes:** De-federated from GoDaddy 2025-12
---
## Client - Dataforth
### Microsoft 365
- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
- **Admin:** op://Clients/Dataforth M365/username / op://Clients/Dataforth M365/password
- **Entra App (Claude-Code-M365):**
- App ID: op://Clients/Dataforth M365/Entra App.App ID
- Client Secret: op://Clients/Dataforth M365/Entra App.Client Secret
- Expires: 2027-12-22
### NPS RADIUS Configuration
- **Server:** 192.168.0.27 (AD1)
- **Port:** 1812/UDP (auth), 1813/UDP (accounting)
- **Shared Secret:** op://Clients/Dataforth M365/NPS RADIUS.Shared Secret
- **RADIUS Client:** unifi (192.168.0.254)
---
## Client - Valley Wide Plastering (VWP)
### UDM
- **IP:** 172.16.9.1
- **User:** op://Clients/VWP UDM/username
- **Password:** op://Clients/VWP UDM/password
### VWP-DC1
- **IP:** 172.16.9.2
- **Hostname:** VWP-DC1.VWP.US
- **User:** op://Clients/VWP DC1/username
- **Password:** op://Clients/VWP DC1/password
- **NPS RADIUS Shared Secret:** op://Clients/VWP DC1/NPS.Shared Secret
### Citrix XenServer
- **Management IP:** 192.168.0.104
- **User:** op://Clients/VWP XenServer/username
- **Password:** op://Clients/VWP XenServer/password
- **iDRAC IP:** 192.168.3.30
- **iDRAC User/Pass:** op://Clients/VWP XenServer/iDRAC.*
### QuickBooks Server iDRAC
- **iDRAC IP:** 192.168.3.189
- **User:** op://Clients/VWP QuickBooks Server iDRAC/username
- **Password:** op://Clients/VWP QuickBooks Server iDRAC/password
---
## Client - Khalsa
### UCG
- **IP:** 172.16.50.1
- **User:** op://Clients/Khalsa UCG/username
- **Password:** op://Clients/Khalsa UCG/password
### Switch
- **User:** op://Clients/Khalsa Switch/username
- **Password:** op://Clients/Khalsa Switch/password
### Accountant Machine (172.16.50.168)
- **User:** op://Clients/Khalsa Accountant Machine/username
- **Password:** op://Clients/Khalsa Accountant Machine/password
- **Local Admin:** op://Clients/Khalsa Accountant Machine/Local Admin User / op://Clients/Khalsa Accountant Machine/Local Admin Password
---
## Client - Scileppi Law Firm
### RS2212+ (Primary NAS)
- **IP:** 172.16.1.59
- **User:** op://Clients/Scileppi RS2212+/username
- **Password:** op://Clients/Scileppi RS2212+/password
- **Storage:** 25TB total, 6.9TB used
- **User Accounts:** op://Clients/Scileppi RS2212+/Users.*
### DS214se / Unraid (POWERED OFF)
- Credentials in op://Clients/Scileppi DS214se (POWERED OFF)/* and op://Clients/Scileppi Unraid (POWERED OFF)/*
---
## Client - heieck.org
### Microsoft 365 Migration
- **Tenant:** heieckorg.onmicrosoft.com
- **Mailbox passwords:** op://Clients/heieck.org M365/*
---
## MSP Tools
### Syncro (PSA/RMM)
- **API Base URL:** https://computerguru.syncromsp.com/api/v1
- **API Key:** op://MSP Tools/Syncro/credential
### Autotask (PSA)
- **API Zone:** webservices5.autotask.net
- **API Username:** op://MSP Tools/Autotask/API Username
- **API Password:** op://MSP Tools/Autotask/API Password
- **Integration Code:** op://MSP Tools/Autotask/credential
### CIPP (M365 Management)
- **URL:** https://cippcanvb.azurewebsites.net
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID:** op://MSP Tools/CIPP/OAuth.App ID
- **Client Secret:** op://MSP Tools/CIPP/OAuth.Client Secret
- **Scope:** op://MSP Tools/CIPP/OAuth.Scope
### Claude-MSP-Access (Multi-Tenant Graph API)
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID:** op://MSP Tools/Claude-MSP-Access (Graph API)/App ID
- **Client Secret:** op://MSP Tools/Claude-MSP-Access (Graph API)/credential
### ACG-MSP-Access (Google Workspace)
- **Service Account:** op://MSP Tools/ACG-MSP-Access (Google Workspace)/Service Account Email
- **Key File:** temp/acg-msp-access-8f72339997e5.json
- **Onboarded Tenants:** lonestarelectrical.net
---
## VPN Access
### Peaceful Spirit VPN (L2TP/IPSec)
- **Server IP:** 98.190.129.150
- **Username:** op://Clients/Peaceful Spirit VPN/username
- **Password:** op://Clients/Peaceful Spirit VPN/password
- **Pre-Shared Key:** op://Clients/Peaceful Spirit VPN/VPN.Pre-Shared Key
- **Remote Network:** 192.168.0.0/24
---
## Tailscale Network
| Tailscale IP | Hostname | Owner | OS | Notes |
|--------------|----------|-------|-----|-------|
| 100.79.69.82 | pfsense-1 | mike@ | freebsd | Gateway |
| 100.125.36.6 | acg-m-l5090 | mike@ | windows | Workstation |
| 100.92.230.111 | acg-tech-01l | mike@ | windows | Tech laptop |
| 100.96.135.117 | acg-tech-02l | mike@ | windows | Tech laptop |
| 100.113.45.7 | acg-tech03l | howard@ | windows | Tech laptop |
| 100.77.166.22 | desktop-hjfjtep | mike@ | windows | Desktop |
| 100.101.145.100 | guru-legion9 | mike@ | windows | Laptop |
| 100.119.194.51 | guru-surface8 | howard@ | windows | Surface |
| 100.66.103.110 | magus-desktop | rob@ | windows | Desktop |
| 100.66.167.120 | magus-pc | rob@ | windows | Workstation |
---
## SSH Public Keys
### guru@wsl (Windows/WSL)
- **Key Type:** ssh-ed25519
- **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
- **Sudo Password:** op://Infrastructure/GuruRMM Server/password (same as SSH)
- **Authorized on:** GuruRMM build server, IX server, Jupiter, Saturn
### azcomputerguru@local (Mac)
- **Key Type:** ssh-ed25519
- **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
- **Authorized on:** GuruRMM build server, IX server, AD2, D2TESTNAS
### claude-code@localadmin (Windows)
- **Key Type:** ssh-ed25519
- **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABnQjolTxDtfqOwdDjamK1oyFPiQnaNT/tAgsIHH1Zo
- **Authorized On:** pfSense
---
## 1Password Service Account
- **Item:** op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential
- **Vaults Accessible:** Infrastructure, Clients, Projects, MSP Tools (Read & Write)
- **Usage:** Set OP_SERVICE_ACCOUNT_TOKEN env var for non-interactive CLI access
---
## Context Recovery Usage
When a new Claude session starts or context is lost:
1. **Read this file first** - Get all infrastructure details and op:// paths
2. **Use `op read`** to fetch actual credentials as needed
3. **Check session-logs/** - Find recent work and decisions
4. **Read SESSION_STATE.md** - Get project status and phase
**Quick credential fetch:**
```bash
# Set service account token first
export OP_SERVICE_ACCOUNT_TOKEN=$(op read "op://Infrastructure/Service Account Auth Token: Agentic_Cli/credential")
# Then read any credential
op read "op://Infrastructure/IX Server/password"
op read "op://Projects/ClaudeTools Database/password"
op read "op://Clients/Dataforth AD2/password"
```
---
## Security Notes
- **Secrets are stored in 1Password** - op:// references are safe to commit to private repos
- **Never commit resolved .env files** - only .env.tpl with op:// references
- **ClaudeTools encrypts credentials in database with AES-256-GCM**
- **Service account token** should be set as environment variable, not committed
- **Rotate on exposure** - update in 1Password, re-inject everywhere
Reference in New Issue View Git Blame Copy Permalink