rotate leaked MEMORY_API_KEY: use wrapper script instead of plaintext env vars

- Remove MEMORY_API_KEY and CLAUDE_MEMORY_API_KEY from settings.json env block - Replace mcp.json inline config with wrapper script that sources GPG-encrypted secrets - Add new rotated key to encrypted secrets.zsh
2026-03-15 18:21:46 +00:00 · 2026-03-15 18:21:46 +00:00 · 7a1090795c
commit 7a1090795c
parent 91e81da944
4 changed files with 30 additions and 31 deletions
--- a/dot_claude/settings.json
+++ b/dot_claude/settings.json
@ -1,11 +1,7 @@
 {
  "env": {
    "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS": "1",
-    "CLAUDE_MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
-    "CLAUDE_MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
    "DISABLE_AUTOUPDATER": "1",
-    "MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
-    "MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
    "STATUSLINE_DISABLE_BRANCH": "1",
    "STATUSLINE_DISABLE_CALENDAR": "1",
    "STATUSLINE_DISABLE_DIRECTORY": "1",
--- a/dot_local/bin/executable_claude-memory-mcp-wrapper
+++ b/dot_local/bin/executable_claude-memory-mcp-wrapper
@ -0,0 +1,7 @@
+#!/bin/bash
+# Wrapper for claude-memory MCP server that sources secrets from GPG-encrypted file.
+# This avoids committing API keys in plaintext JSON configs.
+source ~/.oh-my-zsh/custom/secrets.zsh 2>/dev/null
+export MEMORY_API_URL="${MEMORY_API_URL:-https://claude-memory.viktorbarzin.me}"
+export PYTHONPATH="/Users/viktorbarzin/code/claude-memory-mcp/src"
+exec python3 /Users/viktorbarzin/code/claude-memory-mcp/src/claude_memory/mcp_server.py "$@"
--- a/dot_mcp.json
+++ b/dot_mcp.json
@ -2,13 +2,7 @@
  "mcpServers": {
    "claude_memory": {
      "type": "stdio",
-      "command": "python3",
-      "args": ["/Users/viktorbarzin/code/claude-memory-mcp/src/claude_memory/mcp_server.py"],
-      "env": {
-        "MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
-        "MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
-        "PYTHONPATH": "/Users/viktorbarzin/code/claude-memory-mcp/src"
-      }
+      "command": "/Users/viktorbarzin/.local/bin/claude-memory-mcp-wrapper"
    }
  }
 }
--- a/dot_oh-my-zsh/custom/encrypted_secrets.zsh.asc
+++ b/dot_oh-my-zsh/custom/encrypted_secrets.zsh.asc
@ -1,23 +1,25 @@
 -----BEGIN PGP MESSAGE-----

-hQEMA2I9C9ArYorXAQgA3F+sveuqsPWAfGv8GauznArr3qcWU9pYFHMsxRyqaOU4
-MhTIaZuGnw5JXJWKs1BaLNr54ZqnqyReMTiys14ub2FUoVrMLFZEuR2Om+VFTkca
-xVJiNjpbiSaBF/W4Ct0BxwMbX6P9ZXkyBd0y95j3kHizPTdz1srpd7NQvjP3L9nd
-E3MTjhx7UsqwV9o9ytELoMLPXGe+KZ+O1/QVTJ9BpjQY/0f1/BgE4vVpYij6V83u
-Qey+Ef7VUjuE7cCRTEnHnw/x+OGUN6avaVAk9E3QTmm3rVTgBcGeIdI7We4BgaoS
-dd5ixHOkfxellIDRfxFOnKQWJapmmNwzrMaV7ge8htLpAfdJY9KS17CCOGVnWZ+B
-7iWJwormgUx2S0Rv7pmHCy6vAzR0UP27ArO8u3fxJPRNEuQ4AnBfr/niOrscpKzi
-8/wkSf9ouTAJag1vO59zkACA5tRedRz+LOKXrVwRlPuv/BlsaDVotJ5HbSceG7Bs
-zjxy+bFPwdv9c2Ycq5ZMSEjvQdYV5nYfMTkcJ+0sg5ZwU8Ft5l7tRwCfLsxB2+c1
-dAcANRD2zi9aaMgPeQQY3L4BbG62x+gu/nVN7V+R6UfgcZ898nJAdgdyuW01sidD
-aQyljm0OX1adAFupQPzL7VajG4C16jCFlumj37Zx3meNTMlNF0SZeUwTFJ6eGX9A
-K1Z6GbDtwcM4msDXupiKzjiYI78C2wGToLzLwfxnKJgjbFe/bWFXeWKFvT2K8KK3
-YWrRtxKpUaaomw2xo2Sjf4vYvTA75+ifs2GCxdCawTmdGghnO3lI0tuBrSvYGchf
-lzLEgiLCuBq5qR7YjbrIrbMqvbMcm5k/8qMINfiDNtgUIfBWJ8HnvxNUx65a9cxQ
-FPSJsXguE0kGy2cqIi3vD5z+75Nur/CgHvBqFGmvgJTQKn4Z5MiS2SEoyh66JQxg
-fL5uFzFIApORdi8WsgKr9MtnkGktiWM3PWr5z4WirKwjqNeWauT+qU/Vd9d7dUnM
-d/z3d+r4InFk4DZrwjyiV4NtvXsjI1DeLKZjm9nDYYylei/89vpIhna0MJ98BklD
-rZHKYqFsj6SVvvCwFZ/dZIbos00f3cuqtA+7EvH/djLTcpWMnz4Whp0RfsaQxC2W
-lSH9gEPYhe7/OYdtu+a1vjhVVvAt9rUTNR2bdMnHbA==
-=jnXc
+hQEMA2I9C9ArYorXAQf+P3ToI0Ib8Pf9DHGfGUuNoKdz/41FQyKRywk+0zwwAo/j
+HxHxuHwMyo1W3yDG1/hReJImPbFt/3f7spVaRW9kGv+w/MGKopnhWOeOJdQBGGV
+Q5pXuEiSelyUfi0u6/XQYqFjLmYv0nR8k3GZN0Fh4XF0xpXJQdez1ml/Vh6R33Mz
+2xqgbSX6fQzUBYMKEKyVJx/ypFMkKEdhkqpFT+jjDL7IVbF9foew50u2w36PCn6j
+01rRmPiF4bBJsK6jx6sRe96e/iTLH27QnFKhcVX3vuW/Ypwg0BGd28+pso195BrI
+YuTAbkYSlXizJJ2goCZVD1OkX0oBC3HuWG7L+PJt19LpAbAy19fDlN+RawzrOfXd
+iBroiUbkM8uWuxHzPN/6OIByWlC1H0EjMh9cYbk/fvepNnm7n622knTEdNCh6mXh
+36sR+Rw3dQOS0W2//lPdyCDGhaq4vAteZE9p4OXfv1NDgeo0CMLCZVPAB/V9zTWm
+dJBJPPtaAJ+/2vw87nDDSwJHW1Dd1WS1jpMAH6igh5YzAjlakwUXgeMunkvWnbAK
+lDTJ5l9UY5XqiOhvXwQZiXq+VN4SJneTHW7+qJ3oh5N2o2LpQZxeCxD+lzt3IQun
+bpFif8jTf/atGCFPOemzwp2jAreT+ish7LUK8elCItaYQxHISidsdZ5VfjF4Vasl
+XGoFjCLEbG2LiE74opMFSRXHXmDyawvZA+1Ck9jVaN2U0YtcAaPhXD4toEGbWNSg
+zKPkwPtRu2xBQCZZGE4dhlC+N7f8+rCftCsdaPYaR7Tw+DhFHPuEcrSMNNgc8PDB
+TXsbPbQWTrHjQas9NfQQd2l/wt4TQ6EwAWwcbw5zFL5h9Se3LIH5bR2auiqYJFPz
+FNOBtsA4YIV3sieoAM7CRhebzhgXlrflCbOf2954GXS/BLaodY4etUs+6jP5l4fE
+S8hOYFDMEyvXWFKA9vjL/hoG1Wa9qVg2ayGiRzC0GQLtKIQitAPgRxz5ueV94kAV
+vwvE+O7Bxa6gyFE7MfDkFpq/cPCOyAKC3hEO6uWiK27kXSvShma2uX5QYOxYItOG
+P3XaSrmUNMjGdu2THjFB4jegRBMQy7A/o4SDIokJ/e9qadm/tTnODiULVj/JQ9vp
+1gbS3hUNo/arW1/hIeaWYyV6fJU6sxTIa37jNlInnBfwW1jcISryUesFQzkzvrh/
+qsa8gUX4ScZ6EUQQe94sMm6BGy2bSX+u3P6plbxaKcvvPyy5bxau3uRkCi+i7osP
+iec1VFrv1G6odgDboNJinG4=
+=rr5f
 -----END PGP MESSAGE-----