# Instance Details

Instance-specific configuration for vault.smilepowered.org.

## Server

- URL: `https://vault.smilepowered.org`
- Admin page: `https://vault.smilepowered.org/admin` (first user is auto-admin)
- bw CLI path: `~/.nvm/versions/node/v24.16.0/bin/bw`

## Organization & Collections

- Organization: `Clawdie` (39727691-3403-4c50-89b8-d5f24310e79c)

| Name          | ID                                   | Purpose                                  |
| ------------- | ------------------------------------ | ---------------------------------------- |
| agent-secrets | 94ba61b8-633c-454e-b749-f115617eeac3 | Day-to-day tokens, passwords for agents  |
| bootstrap     | b996ce7c-b931-4947-8cc4-edb5fe914bae | Admin tokens, setup keys (operator only) |
| deploy        | 4d3ed026-2bed-42fb-a19f-197a02c5b336 | FreeBSD deploy secrets (osa access)      |

## Login Flow (headless)

```bash
# Server config (one-time)
bw config server https://vault.smilepowered.org

# Login with personal API key (not org key)
bw login --apikey   # uses BW_CLIENTID + BW_CLIENTSECRET env vars

# Unlock with master password
BW_PASSWORD="..." bw unlock --passwordenv BW_PASSWORD
# Returns BW_SESSION value — use for subsequent commands
```

## CRUD Operations Pattern

All require BW_SESSION from unlock.

```bash
bw list items --session "$BW_SESSION"
bw get item "item name" --session "$BW_SESSION"

# Create login item in organization collection
echo '{"type":1,"name":"Service Login","notes":"...","login":{"username":"user","password":"pass","uris":[{"uri":"https://..."}]},"organizationId":"39727691-3403-4c50-89b8-d5f24310e79c"}' | bw encode | bw create item --session "$BW_SESSION"

# Move item to collection
bw get item "<id>" --session "$BW_SESSION" | \
  python3 -c "import sys,json; d=json.load(sys.stdin); d['collectionIds']=['<collection-id>']; print(json.dumps(d))" | \
  bw encode | bw edit item "<id>" --session "$BW_SESSION"

# Lock when done
bw lock
```