claudetools/.claude/MAC-vault-readiness-test.md
Mike Swanson 6125ba15d9 docs: Mac vault readiness test results
Tested vault access capability on Mac. Found multiple blockers:
- SOPS not installed
- age not installed
- age key not configured
- vault repo not cloned (git auth blocked)

Documents what would be required vs. recommendation to skip Mac setup.

Windows already validated - all 5 tiers working.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-21 19:34:56 -07:00


Mac Vault Readiness Test Results

Date: 2026-04-21
Machine: Mikes-MacBook-Air.local
Purpose: Test vault access capability for remediation-tool


Test Results Summary

Status: NOT READY - Multiple blockers present

Dependencies Check

| Component | Status | Notes |
|---|---|---|
| jq | ✓ INSTALLED | jq-1.7.1-apple |
| SOPS | ✗ NOT INSTALLED | Required for decrypting .sops.yaml files |
| age | ✗ NOT INSTALLED | Required for SOPS encryption/decryption |
| age key | ✗ NOT CONFIGURED | ~/.config/sops/age/keys.txt missing |
| vault repo | ✗ NOT CLONED | Git authentication blocked |
| vault_path in identity.json | ✗ NOT SET | Would point to ~/vault once cloned |

What Works

[OK] Vault wrapper script exists and reports correct errors:

bash .claude/scripts/vault.sh list
→ [ERROR] vault_path not set in identity.json

[OK] get-token.sh bug fixes applied:

  • Variable collision fixed (VAULT_PATH → VAULT_ROOT_ENV)
  • Directory traversal corrected (4 levels up instead of 3)

[OK] Remediation-tool scripts are executable:

ls -la .claude/skills/remediation-tool/scripts/*.sh
→ All scripts have execute permissions

What's Blocked

1. Vault Repository Clone

git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
→ fatal: could not read Password: Device not configured

Git cannot prompt for credentials in this terminal session.

2. SOPS Installation

sops --version
→ command not found

SOPS not installed via Homebrew or other package manager.

3. age Installation

age --version
→ command not found

age encryption tool not installed.

4. age Key Configuration

test -f ~/.config/sops/age/keys.txt
→ File does not exist

No SOPS age private key configured.


What Would Be Required to Unblock

Installation Steps (If Vault Access on Mac is Needed)

1. Install Homebrew (if not already installed):

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

2. Install SOPS:

brew install sops

3. Install age:

brew install age

4. Copy age private key from Windows:

On Windows (DESKTOP-0O8A1RL):

cat C:\Users\<username>\.config\sops\age\keys.txt

On Mac:

mkdir -p ~/.config/sops/age
# Paste the private key content into:
nano ~/.config/sops/age/keys.txt
chmod 600 ~/.config/sops/age/keys.txt

5. Configure Git credential helper:

git config --global credential.helper osxkeychain

6. Clone vault repository:

git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
# Will prompt for password - enter Gitea password

7. Add vault_path to identity.json:

# Edit .claude/identity.json and add:
"vault_path": "/Users/azcomputerguru/vault"

8. Test token acquisition:

cd .claude/skills/remediation-tool/scripts
./get-token.sh grabblaw.com investigator

Should return a JWT token if everything is configured correctly.
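A preflight for the prerequisites above, as an added example that is not part of the ClaudeTools repository: it checks the three tools, the age key file and its 600 mode, and the vault_path entry, and reports every blocker before step 8 is attempted. The function names are hypothetical, and vault_path is read with sed rather than jq so the check still runs where jq is missing.

```shell
#!/usr/bin/env bash
# Added example: preflight for the Mac vault prerequisites listed above.
# Function names are hypothetical; paths are parameters so the checks
# can be pointed at the real files or at test fixtures.

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# age key: must exist, be owner-only (600), and hold a secret-key line.
check_age_key() {
  local key="$1"
  [ -f "$key" ] || { echo "[ERROR] age key missing: $key"; return 1; }
  [ "$(file_mode "$key")" = "600" ] || { echo "[ERROR] age key mode is not 600: $key"; return 1; }
  grep -q '^AGE-SECRET-KEY-' "$key" || { echo "[ERROR] no AGE-SECRET-KEY line in $key"; return 1; }
  echo "[OK] age key: $key"
}

# vault_path: must be set in identity.json and point at a cloned repo.
# Minimal sed parse (no JSON escape handling), usable before jq is installed.
check_vault_path() {
  local identity="$1" vp
  vp=$(sed -n 's/.*"vault_path"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$identity" 2>/dev/null | head -n 1)
  [ -n "$vp" ] || { echo "[ERROR] vault_path not set in $identity"; return 1; }
  [ -d "$vp/.git" ] || { echo "[ERROR] vault repo not cloned at $vp"; return 1; }
  echo "[OK] vault_path: $vp"
}

# Run every check, report all blockers, return how many there were.
vault_preflight() {
  local identity="$1" key="$2" blockers=0 tool
  for tool in jq sops age; do
    if command -v "$tool" >/dev/null 2>&1; then echo "[OK] $tool installed"
    else echo "[ERROR] $tool not installed"; blockers=$((blockers + 1)); fi
  done
  check_age_key "$key" || blockers=$((blockers + 1))
  check_vault_path "$identity" || blockers=$((blockers + 1))
  return "$blockers"
}

# Usage: vault_preflight .claude/identity.json ~/.config/sops/age/keys.txt
```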


Is This Worth Doing?

Probably not, unless you need remediation-tool on Mac.

Why it's not urgent:

  • Windows (DESKTOP-0O8A1RL) has working vault + remediation-tool ✓
  • Vault sync validated on Windows - all 5 tiers working ✓
  • Howard can be unblocked by pulling vault on ACG-Tech03L ✓
  • Mac is just for testing/portability

Use cases for Mac vault:

  • Running breach checks while away from Windows desktop
  • Testing remediation-tool portability across platforms
  • Validating vault sync from Mac perspective

Alternatives:

  • Use Windows for all remediation-tool work (current state)
  • SSH into Windows from Mac when needed
  • Remote desktop to Windows desktop

Recommendation

Skip Mac vault setup for now.

Reasons:

  1. Windows already validated vault sync works
  2. All 5 SOPS files confirmed present
  3. Token acquisition tested on all 5 tiers
  4. Howard can be notified to pull
  5. Mac setup requires 4 installations + credential management

Only set up Mac vault if:

  • You frequently work from Mac and need remediation-tool
  • You want to test cross-platform portability
  • Windows desktop is unavailable for extended periods

Current Capability on Mac

What works:

  • Reading/editing remediation-tool scripts
  • Viewing tenant lists (references/tenants.md)
  • Resolving tenant IDs: ./resolve-tenant.sh <domain>
  • All other ClaudeTools functionality

What doesn't work:

  • Token acquisition (no vault)
  • SOPS decryption (no vault + no SOPS)
  • Running breach checks (needs tokens)
  • Testing remediation-tool workflows (needs tokens)

Status: Documented and understood - Mac not currently set up for vault access
Action: No action needed unless Mac remediation-tool access becomes necessary
Validated on: Windows (DESKTOP-0O8A1RL) - all 5 tiers working