Populate layered-soul: identity, memories, skills, plan (Hermes & Sam)
- SOUL.md: full agent identity, operating principles, voice
- IDENTITY.md: runtime identity, hosts, boundaries
- USER.md: operator context imported from hermes-soul
- AGENTS.md: actual operating rules, infrastructure, quick reference
- memories/curated/: 5 topics (tailscale, forgejo, agents, projects, vaultwarden)
- skills/: 9 cross-harness skills imported from hermes-soul after review
- docs/PLAN-CONFIGURE-PRIVATE-REPO.md: configuration plan
- Validate: passes clean
2026-06-14 00:21:26 +02:00
# Vaultwarden Secrets
Self-hosted secrets management at **vault.smilepowered.org** (Vaultwarden 2025.12.0, SSL).
## Organization
**Clawdie** (ID: `39727691-3403-4c50-89b8-d5f24310e79c` )
### Collections
2026-06-14 01:48:32 +02:00
| Collection | ID | Access | Purpose |
| ------------- | -------------------------------------- | ---------- | --------------------------- |
Populate layered-soul: identity, memories, skills, plan (Hermes & Sam)
- SOUL.md: full agent identity, operating principles, voice
- IDENTITY.md: runtime identity, hosts, boundaries
- USER.md: operator context imported from hermes-soul
- AGENTS.md: actual operating rules, infrastructure, quick reference
- memories/curated/: 5 topics (tailscale, forgejo, agents, projects, vaultwarden)
- skills/: 9 cross-harness skills imported from hermes-soul after review
- docs/PLAN-CONFIGURE-PRIVATE-REPO.md: configuration plan
- Validate: passes clean
2026-06-14 00:21:26 +02:00
| agent-secrets | `94ba61b8-633c-454e-b749-f115617eeac3` | All agents | API keys, tokens, passwords |
2026-06-14 01:48:32 +02:00
| bootstrap | (admin only) | Sam | Setup keys, admin tokens |
Populate layered-soul: identity, memories, skills, plan (Hermes & Sam)
- SOUL.md: full agent identity, operating principles, voice
- IDENTITY.md: runtime identity, hosts, boundaries
- USER.md: operator context imported from hermes-soul
- AGENTS.md: actual operating rules, infrastructure, quick reference
- memories/curated/: 5 topics (tailscale, forgejo, agents, projects, vaultwarden)
- skills/: 9 cross-harness skills imported from hermes-soul after review
- docs/PLAN-CONFIGURE-PRIVATE-REPO.md: configuration plan
- Validate: passes clean
2026-06-14 00:21:26 +02:00
## Agent access
Each agent gets its own Vaultwarden user account and personal API key (starts with `user.` ). Organization API keys do NOT work with `bw` CLI — only personal ones.
Bootstrap credentials stored in `~/.hermes/.env` :
2026-06-14 01:48:32 +02:00
Populate layered-soul: identity, memories, skills, plan (Hermes & Sam)
- SOUL.md: full agent identity, operating principles, voice
- IDENTITY.md: runtime identity, hosts, boundaries
- USER.md: operator context imported from hermes-soul
- AGENTS.md: actual operating rules, infrastructure, quick reference
- memories/curated/: 5 topics (tailscale, forgejo, agents, projects, vaultwarden)
- skills/: 9 cross-harness skills imported from hermes-soul after review
- docs/PLAN-CONFIGURE-PRIVATE-REPO.md: configuration plan
- Validate: passes clean
2026-06-14 00:21:26 +02:00
- `BW_CLIENTID` / `BW_CLIENTSECRET` — personal API key
- `BW_PASSWORD` — master password
- `BW_SERVER` — https://vault.smilepowered.org
All other secrets move into the vault, fetched by `bw` CLI at runtime. Currently stored: hermes-debby Forgejo password, provider API keys pending migration.
## bw CLI
Installed via npx wrapper at `~/.local/bin/bw` (version must match Vaultwarden server — 2025.12.0). Login via `bw login --apikey` , unlock via `bw unlock --passwordenv BW_PASSWORD` .
