azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
de8d2decdbcd922b275496286331fecfd48435a2
claudetools/.claude/vault-setup-mac.md
Mike Swanson cae7b63481 docs: vault setup procedure for Mac 
Documents authentication blocker for vault clone on Mac.
Provides step-by-step setup instructions for future vault access.

Vault sync from Windows is complete - Mac setup is optional.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-21 19:28:38 -07:00

169 lines
4.3 KiB
Markdown
Raw Blame History

# Vault Setup on Mac (Mikes-MacBook-Air.local)
**Status:** Blocked on authentication
**Created:** 2026-04-21
**Purpose:** Enable remediation-tool SOPS credential access on Mac
---
## Current State
**Vault repo:** NOT cloned on this Mac
**identity.json:** Missing `vault_path` field
**Remediation-tool:** Cannot acquire tokens (no vault access)
---
## What's Needed
### Step 1: Clone Vault Repository
**Vault URL:** `http://172.16.3.20:3000/azcomputerguru/vault.git`
**Authentication required.** Options:
**Option A: Use Gitea credentials (interactive)**
```bash
git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
# Will prompt for password
```
**Option B: Use stored credentials**
If you have git credential helper configured:
```bash
git config --global credential.helper osxkeychain
git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
```
**Option C: Use SSH (if keys configured)**
```bash
git clone git@172.16.3.20:azcomputerguru/vault.git ~/vault
```
### Step 2: Add vault_path to identity.json
**File:** `/Users/azcomputerguru/ClaudeTools/.claude/identity.json`
**Add this field:**
```json
{
"user": "mike",
"full_name": "Mike Swanson",
"email": "mike@azcomputerguru.com",
"role": "admin",
"machine": "Mikes-MacBook-Air",
"mode": "general",
"last_updated": "2026-04-19T08:40:00Z",
"vault_path": "/Users/azcomputerguru/vault"
}
```
### Step 3: Verify SOPS Files Are Present
```bash
ls -la ~/vault/msp-tools/computerguru-*.sops.yaml
```
**Expected: 5 files**
- computerguru-security-investigator.sops.yaml
- computerguru-exchange-operator.sops.yaml
- computerguru-user-manager.sops.yaml
- computerguru-tenant-admin.sops.yaml
- computerguru-defender-addon.sops.yaml
### Step 4: Configure SOPS
**Check if age key exists:**
```bash
test -f ~/.config/sops/age/keys.txt && echo "Age key exists" || echo "Need age key"
```
**If age key is missing:**
You'll need the SOPS age private key from DESKTOP-0O8A1RL or ACG-Tech03L.
**Location on Windows:** `C:\Users\<username>\.config\sops\age\keys.txt`
Copy the private key to Mac:
```bash
mkdir -p ~/.config/sops/age
# Copy keys.txt content to ~/.config/sops/age/keys.txt
chmod 600 ~/.config/sops/age/keys.txt
```
### Step 5: Test Token Acquisition
```bash
cd /Users/azcomputerguru/ClaudeTools/.claude/skills/remediation-tool/scripts
./get-token.sh grabblaw.com investigator
```
**Expected output:** A JWT token (long string starting with `eyJ...`)
**If it fails:**
- Check vault_path in identity.json
- Verify SOPS files exist
- Verify age key is configured
- Check file permissions
---
## Test Results (Attempted 2026-04-21)
**Clone attempt 1:**
```
git clone http://172.16.3.20:3000/azcomputerguru/vault.git ~/vault
→ fatal: could not read Username for 'http://172.16.3.20:3000': Device not configured
```
**Clone attempt 2:**
```
git clone http://azcomputerguru@172.16.3.20:3000/azcomputerguru/vault.git ~/vault
→ fatal: could not read Password for 'http://azcomputerguru@172.16.3.20:3000': Device not configured
```
**Blocker:** Git on Mac cannot prompt for credentials in this terminal session.
**Workaround needed:** Configure credential helper or use SSH authentication.
---
## Why This Matters
**Once vault is set up on Mac:**
- Can test remediation-tool locally
- Can run breach checks without switching to Windows
- Full parity with Windows/Howard's machines
- Validates that vault sync from Windows worked
**Current capability:**
- remediation-tool scripts are executable ✓
- get-token.sh bugs are fixed ✓
- Vault wrapper logic is correct ✓
- **Blocked only by vault clone authentication** ✗
---
## Alternative: Test on Windows
If Mac vault setup is low priority, the vault sync can be validated on Windows:
```bash
cd D:\vault
git pull origin main
ls D:\vault\msp-tools\computerguru-*.sops.yaml
cd D:\ClaudeTools\.claude\skills\remediation-tool\scripts
bash get-token.sh grabblaw.com investigator
```
Should return a JWT token proving the vault sync worked.
---
**Next action:**
- **If Mac needs remediation-tool:** Set up vault clone with proper authentication
- **If Mac is just for testing:** Test vault sync on Windows instead
- **If vault not needed on Mac:** Skip this setup entirely
**Priority:** LOW - Windows already has working vault + remediation-tool
Reference in New Issue View Git Blame Copy Permalink