claudetools/.claude/TODO-vault-sync-for-howard.md
Mike Swanson c40a71e452 docs: vault sync instructions for Windows laptop
Step-by-step checklist to sync 5 new-tier SOPS files to shared vault.
Unblocks Howard's remediation-tool usage on ACG-Tech03L.

Ready for DESKTOP-0O8A1RL session.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-21 19:17:26 -07:00

4.6 KiB

TODO: Vault Sync for Howard (DESKTOP-0O8A1RL Session)

Priority: HIGH - Blocks Howard's remediation-tool usage
Estimated time: 5-10 minutes
Created: 2026-04-21 Mac session


What I Need You to Do

Howard is blocked on remediation-tool because the 5 new-tier app SOPS files are only on your Windows machine. They need to be committed to the shared vault repo so he can pull them on ACG-Tech03L.


Step-by-Step Instructions

1. Navigate to Vault Repository

cd D:\vault
git status

Expected: You should see the vault repo is clean or has uncommitted SOPS files.

2. Verify the 5 New-Tier SOPS Files Exist

dir D:\vault\msp-tools\computerguru-*.sops.yaml

You should see these 5 files:

  • computerguru-security-investigator.sops.yaml
  • computerguru-exchange-operator.sops.yaml
  • computerguru-user-manager.sops.yaml
  • computerguru-tenant-admin.sops.yaml
  • computerguru-defender-addon.sops.yaml

If ANY are missing: Stop and tell me which ones are missing. Don't proceed.

3. Check If Already Committed to Vault Repo

git ls-files D:\vault\msp-tools\computerguru-*.sops.yaml

If all 5 files are listed: They're already tracked. Skip to Step 5 (push).

If none or only some are listed: They need to be added. Proceed to Step 4.

4. Add the SOPS Files to Git

git add msp-tools/computerguru-security-investigator.sops.yaml
git add msp-tools/computerguru-exchange-operator.sops.yaml
git add msp-tools/computerguru-user-manager.sops.yaml
git add msp-tools/computerguru-tenant-admin.sops.yaml
git add msp-tools/computerguru-defender-addon.sops.yaml

Or add them all at once:

git add msp-tools/computerguru-*.sops.yaml

Then commit:

git commit -m "feat: add new-tier app suite SOPS files for team access

Adds 5 tiered MSP app credentials to shared vault:
- Security Investigator (Graph read-only + Exchange read)
- Exchange Operator (Exchange write)
- User Manager (Graph user/group write)
- Tenant Admin (Graph high-privilege)
- Defender Add-on (MDE only)

Unblocks Howard's remediation-tool usage on ACG-Tech03L.
Enables all machines to run breach checks against consented tenants.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"

5. Push to Vault Remote

git push origin main

If push fails with an auth error: Check whether you need to authenticate with Gitea.

If push fails with "rejected": Run git pull --rebase origin main first, then push again.

6. Verify Push Succeeded

git log -1 --oneline

Should show your commit at HEAD.
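
Because Step 4 commits credential files to a shared repo, it is worth confirming before git add that each of the five files is actually SOPS-encrypted. The script below is an added example, not part of the original checklist or the claudetools repo; it assumes SOPS's default YAML layout (a top-level sops: block with a mac: entry, every other value stored as ENC[AES256_GCM,...]), and its function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not part of the original checklist). Assumes SOPS default YAML
# layout: a top-level "sops:" metadata block with a "mac:" entry, every other
# scalar stored as ENC[AES256_GCM,...], and no *_unencrypted keys in use.

# The five file names come from Step 2 of the checklist.
TIERS="security-investigator exchange-operator user-manager tenant-admin defender-addon"

# plaintext_lines FILE: print line numbers (never values) of scalars outside the
# sops: block that are not wrapped in ENC[...].
plaintext_lines() {
  awk '
    /^[^ \t#-]/ { in_sops = ($0 ~ /^sops:/) }   # each top-level key opens or closes the block
    in_sops     { next }
    {
      line = $0
      sub(/^[ \t]*(- )?/, "", line)              # drop indent and list dash
      if (line == "" || line == "---" || line ~ /^#/) next
      sub(/^[A-Za-z0-9_.-]+:[ \t]*/, "", line)   # drop "key:" and keep the value
      if (line != "" && line !~ /^ENC\[AES256_GCM,/) print NR
    }' "$1"
}

# check_sops_file FILE: return 0 only if FILE exists, carries SOPS metadata with
# a MAC, and has no plaintext scalars.
check_sops_file() {
  local f="$1" bad
  [ -f "$f" ] || { echo "MISSING    $f"; return 1; }
  grep -q '^sops:' "$f" || { echo "NO-SOPS    $f"; return 1; }
  grep -Eq '^ +mac: ENC\[AES256_GCM,' "$f" || { echo "NO-MAC     $f"; return 1; }
  bad=$(plaintext_lines "$f" | tr '\n' ' ')
  [ -z "$bad" ] || { echo "PLAINTEXT  $f lines: $bad"; return 1; }
  echo "OK         $f"
}

# check_vault DIR: check all five files under DIR/msp-tools; returns the failure count.
check_vault() {
  local dir="$1" fails=0 t
  for t in $TIERS; do
    check_sops_file "$dir/msp-tools/computerguru-$t.sops.yaml" || fails=$((fails + 1))
  done
  return "$fails"
}

# Run the check when a vault path is given as the first argument.
if [ "$#" -gt 0 ]; then
  check_vault "$1"
fi
```

Saved under a name of your choice (check-sops.sh here is hypothetical), run it from Git Bash as bash check-sops.sh /d/vault; it exits 0 only when all five files pass, and it reports line numbers rather than values so no secret is echoed to the terminal.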


What This Unblocks

For Howard (ACG-Tech03L):

  1. He can pull vault: cd D:/vault && git pull origin main
  2. All 5 SOPS files will appear in his D:/vault/msp-tools/
  3. get-token.sh will work for all tiers
  4. He can complete the Cascades spoofing hunt
  5. He can run remediation-tool against any consented tenant

For you (all machines):

  • Mac can clone vault and run remediation-tool (if needed)
  • Windows continues to work as before
  • Consistent vault state across all machines

After Vault Sync - Notify Howard

Once pushed, send Howard a message (Slack/email/Teams):

Howard - Vault is synced.

Pull the latest on ACG-Tech03L:
cd D:/vault
git pull origin main

You should now have all 5 new-tier SOPS files in D:/vault/msp-tools/

Test token acquisition:
bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator

If that works, you can finish the Cascades spoofing hunt.

- Mike

Troubleshooting

"fatal: not a git repository"

Problem: You're not in the vault directory.
Fix: cd D:\vault and verify with git status

"SOPS files don't exist"

Problem: The files might be in a different location or not created yet.
Fix: Search for them: dir D:\vault\*.sops.yaml /s

"git push rejected"

Problem: Remote has changes you don't have locally.
Fix:

git pull --rebase origin main
git push origin main

"Authentication failed"

Problem: Git credentials not cached.
Fix: Verify Gitea credentials or use SSH if configured.


Quick Checklist

  • Navigate to D:\vault
  • Verify 5 SOPS files exist in msp-tools/
  • Check if already tracked with git ls-files
  • Add files with git add msp-tools/computerguru-*.sops.yaml
  • Commit with detailed message
  • Push to origin main
  • Verify push succeeded
  • Notify Howard

Status: Ready for Windows session
Created by: Mac session (Mikes-MacBook-Air.local)
Next action: Execute this checklist on DESKTOP-0O8A1RL