Secrets out of the box: Vaultwarden fetch + per-agent seed import #65

Closed
clawdie wants to merge 1 commit from secrets-out-of-the-box into main
Owner

Two parallel, additive paths so a host gets its secrets out of the box. The manual setup wizard stays the floor — no config present means a clean no-op.

clawdie-vault-fetch (new)

Language-neutral bw bridge (deps: only bw, no jq). Reads a 0600 ~/.config/vault-bootstrap.env, pulls keys from the agent-secrets collection where item name = env var name and the value lives in the password field (so bw get password <NAME> returns it raw). Prints KEY=VALUE or --write-env upserts into a 0600 file (preserves untouched keys). Exit codes distinguish skip (3, no bootstrap) / broken (1) / no bw (4). Pinned @bitwarden/cli@2026.5.0 for offline bundling; staged in configure_live_operator_session. Smoke-tested with a stub bw across all paths.

Seed importer → per-agent directories

Extends the CLAWDIESEED FAT32 importer from the authorized_keys allowlist to a per-agent convention: /<agent>/ holding env (merged 0600), harness.toml (pi|zot|local, the Colibri AgentRuntime enum), soul/ (staged to /var/db/clawdie/seed/<agent>/), and ssh/authorized_keys. Live USB is single-agent (first dir = active); extra dirs are staged + flagged for the deployed multi-agent seam. Optional consume-and-shred (/shred marker). Import core is unit-testable via CLAWDIE_SEED_TEST and was verified end-to-end against a fake seed tree.

Security note

Per operator decision, env files on the seed may carry plaintext secrets (provider keys, vault bootstrap). The README is rewritten to document this honestly — seeded sticks are secret-bearing media; mitigations are 0600 landing and the shred option.

Not wired yet (follow-ups)

  • Runtime consumption: staged soul/ → agent workspace cwd; harness launch from harness.toml.
  • Deployed multi-agent provisioning.
  • clawdie-ai postinstall shelling out to clawdie-vault-fetch; deployed-disk staging of the helper.

🤖 Generated with Claude Code

Two parallel, additive paths so a host gets its secrets out of the box. The manual setup wizard stays the floor — no config present means a clean no-op. ## `clawdie-vault-fetch` (new) Language-neutral `bw` bridge (deps: only `bw`, no `jq`). Reads a 0600 `~/.config/vault-bootstrap.env`, pulls keys from the `agent-secrets` collection where **item name = env var name** and the value lives in the password field (so `bw get password <NAME>` returns it raw). Prints `KEY=VALUE` or `--write-env` upserts into a 0600 file (preserves untouched keys). Exit codes distinguish skip (`3`, no bootstrap) / broken (`1`) / no `bw` (`4`). Pinned `@bitwarden/cli@2026.5.0` for offline bundling; staged in `configure_live_operator_session`. Smoke-tested with a stub `bw` across all paths. ## Seed importer → per-agent directories Extends the `CLAWDIESEED` FAT32 importer from the `authorized_keys` allowlist to a per-agent convention: `/<agent>/` holding `env` (merged 0600), `harness.toml` (`pi|zot|local`, the Colibri `AgentRuntime` enum), `soul/` (staged to `/var/db/clawdie/seed/<agent>/`), and `ssh/authorized_keys`. Live USB is single-agent (first dir = active); extra dirs are staged + flagged for the deployed multi-agent seam. Optional consume-and-shred (`/shred` marker). Import core is unit-testable via `CLAWDIE_SEED_TEST` and was verified end-to-end against a fake seed tree. ## Security note Per operator decision, env files on the seed may carry plaintext secrets (provider keys, vault bootstrap). The README is rewritten to document this honestly — seeded sticks are secret-bearing media; mitigations are 0600 landing and the shred option. ## Not wired yet (follow-ups) - Runtime consumption: staged `soul/` → agent workspace cwd; harness launch from `harness.toml`. - Deployed multi-agent provisioning. - `clawdie-ai` postinstall shelling out to `clawdie-vault-fetch`; deployed-disk staging of the helper. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
clawdie added 1 commit 2026-06-16 08:50:18 +02:00
Two parallel, additive paths so a host gets its secrets out of the box;
the manual setup wizard stays the floor (no config = no-op).

clawdie-vault-fetch (new): language-neutral bw bridge. Reads a 0600
~/.config/vault-bootstrap.env, pulls keys from the agent-secrets
collection (item name = env var name, value in password field, so no jq),
prints KEY=VALUE or --write-env upserts 0600. Exit codes distinguish
skip (3, no bootstrap) / broken (1) / no bw (4). Pinned
@bitwarden/cli@2026.5.0 for offline bundling; staged in
configure_live_operator_session.

clawdie-live-seed: extend the CLAWDIESEED FAT32 importer from the
authorized_keys allowlist to a per-agent directory convention —
/<agent>/ with env (merged 0600), harness.toml (pi|zot|local), soul/
(staged), ssh/authorized_keys. Live USB single-agent (first dir = active);
extra dirs staged + flagged for deployed multi-agent. Optional
consume-and-shred. Import core is unit-testable via CLAWDIE_SEED_TEST.

README rewritten to document the per-agent contract and the operator
decision to allow plaintext secrets on the seed (seeded sticks are
secret-bearing media; 0600 landing + shred mitigations).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie closed this pull request 2026-06-20 14:33:15 +02:00

Pull request closed

Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/clawdie-iso#65
No description provided.