tractatus/scripts/get-credentials.sh
TheFlow 2298d36bed fix(submissions): restructure Economist package and fix article display
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00


#!/bin/bash
# Tractatus Credential Retrieval Script
# Populates .env file from KeePassXC vault
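set -e

# ANSI colour codes for status lines printed with `echo -e`.
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'

# Vault, optional key file, output .env and access-log locations.
VAULT_FILE="$HOME/Documents/credentials/vault.kdbx"
KEY_FILE="$HOME/Documents/credentials/vault.kdbx.key"
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
ENV_FILE="$PROJECT_DIR/.env"
LOG_FILE="$HOME/Documents/credentials/logs/access-log.txt"

# Check if vault exists
if [ ! -f "$VAULT_FILE" ]; then
  echo -e "${RED}✗ Vault not found: $VAULT_FILE${NC}"
  echo "Run: ~/Documents/credentials/scripts/create-vault.sh"
  exit 1
fi

# Determine if key file exists.
# KEY_FILE_ARG stays a flat string for any later code that still expands it
# unquoted; the unlock test below uses an array so that a key-file path
# containing spaces reaches keepassxc-cli as a single argument.
KEY_FILE_ARG=""
unlock_key_args=()
if [ -f "$KEY_FILE" ]; then
  KEY_FILE_ARG="-k $KEY_FILE"
  unlock_key_args=(-k "$KEY_FILE")
fi

echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
echo -e "${YELLOW} TRACTATUS CREDENTIAL RETRIEVAL${NC}"
echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
echo ""

# Prompt for master password.
# -r keeps backslashes literal and IFS= keeps leading/trailing whitespace, so
# the password is passed on exactly as typed; -s suppresses terminal echo.
IFS= read -rsp "Enter master password: " MASTER_PASSWORD
echo ""

# Test vault access.
# The pipeline is the `if` condition itself: under `set -e` a separate
# `[ $? -ne 0 ]` check is never reached, because the script exits on the
# failing pipeline before the error message can be printed.
# printf (not echo) feeds the password on stdin so that a value such as "-n"
# is not taken as an echo option.
if ! printf '%s\n' "$MASTER_PASSWORD" \
  | keepassxc-cli ls "$VAULT_FILE" /tractatus "${unlock_key_args[@]}" > /dev/null 2>&1; then
  echo -e "${RED}✗ Failed to unlock vault (wrong password?)${NC}"
  exit 1
fi
echo -e "${GREEN}✓ Vault unlocked${NC}"
echo ""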
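#######################################
# Print one field of a vault entry to stdout.
# Globals:   MASTER_PASSWORD, VAULT_FILE, KEY_FILE (read)
# Arguments: $1 - entry path inside the vault
#            $2 - field label as printed by `keepassxc-cli show`
#                 (default: "password"; the match is case-sensitive and literal)
# Outputs:   the text after the first space of the FIRST line that starts with
#            "<field>:"; nothing when no line matches
#######################################
get_credential() {
  local entry_path="$1"
  local field="${2:-password}" # Default to password field
  local -a key_file_args=()

  # Pass the key file as its own argument so a path with spaces is not split.
  if [ -f "${KEY_FILE:-}" ]; then
    key_file_args=(-k "$KEY_FILE")
  fi

  # The master password is supplied on stdin, not on the command line; printf
  # is used because echo would treat a password like "-n" as an option.
  # Only the first matching line is taken: a later line of a multi-line field
  # (e.g. notes) that happens to start with "<field>:" must not be appended to
  # the secret and end up in the generated .env.
  # NOTE(review): some keepassxc-cli releases mask protected fields in `show`
  # output unless --show-protected is given — confirm against the installed
  # version that the value parsed here is the real secret.
  printf '%s\n' "$MASTER_PASSWORD" \
    | keepassxc-cli show "$VAULT_FILE" "$entry_path" "${key_file_args[@]}" 2>&1 \
    | awk -v label="${field}:" '
        index($0, label) == 1 {
          sep = index($0, " ")
          if (sep > 0) {
            print substr($0, sep + 1)
          } else {
            print $0
          }
          exit
        }'
}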
#######################################
# Append one audit line for a vault access to the access log.
# Globals:   LOG_FILE (appended to)
# Arguments: $1 - entry name
#            $2 - action label
# Line format: <timestamp> | <action> | <entry> | get-credentials.sh | SUCCESS
#######################################
log_access() {
  local entry="$1" action="$2"
  local stamp
  stamp="$(date '+%Y-%m-%d %H:%M:%S')"
  echo "${stamp} | ${action} | ${entry} | get-credentials.sh | SUCCESS" >> "$LOG_FILE"
}
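echo -e "${GREEN}Retrieving credentials...${NC}"
echo ""

# Everything created from here on (.env, its backup, the access log) holds or
# describes secrets, so new files are owner-only from the moment they exist.
# Relying on the chmod at the end is not enough: any command failing under
# `set -e` before that point would leave the secrets with default permissions.
umask 077

# Backup existing .env if it exists
if [ -f "$ENV_FILE" ]; then
  backup_file="$ENV_FILE.backup-$(date +%Y%m%d-%H%M%S)"
  cp -- "$ENV_FILE" "$backup_file"
  # The backup is a plaintext copy of the previous secrets.
  chmod 600 "$backup_file"
  echo -e "${GREEN}✓ Backed up existing .env to: $(basename -- "$backup_file")${NC}"
  # NOTE(review): backups accumulate next to .env — confirm they are
  # git-ignored and pruned.
fi

# Create new .env file (the header carries the generation timestamp directly).
cat > "$ENV_FILE" << HEADER
# Tractatus Environment Variables
# Auto-generated from KeePassXC credential vault
# Generated: $(date '+%Y-%m-%d %H:%M:%S')
# DO NOT COMMIT THIS FILE TO GIT
# WARNING: This file contains sensitive credentials
# File permissions: 600 (owner read/write only)
HEADER

# Truncating an existing file keeps its old mode, so tighten it before the
# first secret is appended.
chmod 600 "$ENV_FILE"

# Retrieve credentials from vault and add to .env
# NOTE(review): values are written unquoted; a secret containing whitespace,
# '#' or quotes may be read differently by the .env loader — confirm.
echo "# === Anthropic API ===" >> "$ENV_FILE"
ANTHROPIC_KEY=$(get_credential "/tractatus/Anthropic API Key" "Password")
if [ -n "$ANTHROPIC_KEY" ]; then
  echo "CLAUDE_API_KEY=$ANTHROPIC_KEY" >> "$ENV_FILE"
  echo -e "${GREEN}✓ Retrieved: Anthropic API Key${NC}"
  log_access "tractatus/Anthropic API Key" "READ"
else
  echo -e "${YELLOW}⚠️ Not found: Anthropic API Key${NC}"
fi

echo "" >> "$ENV_FILE"
echo "# === MongoDB ===" >> "$ENV_FILE"
MONGODB_USER=$(get_credential "/tractatus/MongoDB Production" "UserName")
MONGODB_PASS=$(get_credential "/tractatus/MongoDB Production" "Password")
if [ -n "$MONGODB_USER" ] && [ -n "$MONGODB_PASS" ]; then
  # Percent-encode both userinfo parts of the connection string: a ':', '@'
  # or '/' in either one would otherwise change how the URI is parsed.
  # printf '%s' passes the value through untouched (echo -n would misread a
  # value that looks like an option).
  MONGODB_USER_ENCODED=$(printf '%s' "$MONGODB_USER" | jq -sRr @uri)
  MONGODB_PASS_ENCODED=$(printf '%s' "$MONGODB_PASS" | jq -sRr @uri)
  echo "MONGODB_URI=mongodb://${MONGODB_USER_ENCODED}:${MONGODB_PASS_ENCODED}@localhost:27017/tractatus_prod?authSource=tractatus_prod" >> "$ENV_FILE"
  echo "MONGODB_USER=$MONGODB_USER" >> "$ENV_FILE"
  echo "MONGODB_PASSWORD=$MONGODB_PASS" >> "$ENV_FILE"
  echo "MONGODB_DB=tractatus_prod" >> "$ENV_FILE"
  echo -e "${GREEN}✓ Retrieved: MongoDB credentials${NC}"
  log_access "tractatus/MongoDB Production" "READ"
else
  echo -e "${YELLOW}⚠️ Not found: MongoDB credentials${NC}"
fi

echo "" >> "$ENV_FILE"
echo "# === JWT Secret ===" >> "$ENV_FILE"
JWT_SECRET=$(get_credential "/tractatus/JWT Secret" "Password")
if [ -n "$JWT_SECRET" ]; then
  echo "JWT_SECRET=$JWT_SECRET" >> "$ENV_FILE"
  echo -e "${GREEN}✓ Retrieved: JWT Secret${NC}"
  log_access "tractatus/JWT Secret" "READ"
else
  echo -e "${YELLOW}⚠️ Not found: JWT Secret${NC}"
fi

echo "" >> "$ENV_FILE"
echo "# === Server Configuration ===" >> "$ENV_FILE"
echo "PORT=9000" >> "$ENV_FILE"
echo "NODE_ENV=development" >> "$ENV_FILE"

# Set file permissions (kept as a final safeguard; already applied above).
chmod 600 "$ENV_FILE"

echo ""
echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
echo -e "${YELLOW} CREDENTIALS RETRIEVED SUCCESSFULLY${NC}"
echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
echo ""
echo "Output file: $ENV_FILE"
echo "Permissions: $(stat -c '%a' "$ENV_FILE") (should be 600)"
echo ""
echo "Credentials retrieved:"
if [ -n "$ANTHROPIC_KEY" ]; then echo " ✓ Anthropic API Key"; fi
if [ -n "$MONGODB_USER" ]; then echo " ✓ MongoDB credentials"; fi
if [ -n "$JWT_SECRET" ]; then echo " ✓ JWT Secret"; fi
echo ""
echo "Next steps:"
echo " 1. Verify .env file: cat $ENV_FILE"
echo " 2. Test server starts: npm start"
echo " 3. Check access log: cat $LOG_FILE"
echo ""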