viktor/dot_files
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rotate leaked MEMORY_API_KEY: use wrapper script instead of plaintext env vars

Browse source 
- Remove MEMORY_API_KEY and CLAUDE_MEMORY_API_KEY from settings.json env block
- Replace mcp.json inline config with wrapper script that sources GPG-encrypted secrets
- Add new rotated key to encrypted secrets.zsh
This commit is contained in:
Viktor Barzin 2026-03-15 18:21:46 +00:00
parent 91e81da944
commit 7a1090795c
4 changed files with 30 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dot_claude/settings.json
View file

@ -1,11 +1,7 @@
{ {
"env": { "env": {
"CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS": "1", "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS": "1",
"CLAUDE_MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
"CLAUDE_MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
"DISABLE_AUTOUPDATER": "1", "DISABLE_AUTOUPDATER": "1",
"MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
"MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
"STATUSLINE_DISABLE_BRANCH": "1", "STATUSLINE_DISABLE_BRANCH": "1",
"STATUSLINE_DISABLE_CALENDAR": "1", "STATUSLINE_DISABLE_CALENDAR": "1",
"STATUSLINE_DISABLE_DIRECTORY": "1", "STATUSLINE_DISABLE_DIRECTORY": "1",

7
dot_local/bin/executable_claude-memory-mcp-wrapper Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
# Wrapper for claude-memory MCP server that sources secrets from GPG-encrypted file.
# This avoids committing API keys in plaintext JSON configs.
source ~/.oh-my-zsh/custom/secrets.zsh 2>/dev/null
export MEMORY_API_URL="${MEMORY_API_URL:-https://claude-memory.viktorbarzin.me}"
export PYTHONPATH="/Users/viktorbarzin/code/claude-memory-mcp/src"
exec python3 /Users/viktorbarzin/code/claude-memory-mcp/src/claude_memory/mcp_server.py "$@"

8
dot_mcp.json
View file

@ -2,13 +2,7 @@
"mcpServers": { "mcpServers": {
"claude_memory": { "claude_memory": {
"type": "stdio", "type": "stdio",
"command": "python3", "command": "/Users/viktorbarzin/.local/bin/claude-memory-mcp-wrapper"
"args": ["/Users/viktorbarzin/code/claude-memory-mcp/src/claude_memory/mcp_server.py"],
"env": {
"MEMORY_API_URL": "https://claude-memory.viktorbarzin.me",
"MEMORY_API_KEY": "REDACTED_ROTATED_KEY",
"PYTHONPATH": "/Users/viktorbarzin/code/claude-memory-mcp/src"
}
} }
} }
} }

42
dot_oh-my-zsh/custom/encrypted_secrets.zsh.asc
View file

@ -1,23 +1,25 @@
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA2I9C9ArYorXAQgA3F+sveuqsPWAfGv8GauznArr3qcWU9pYFHMsxRyqaOU4 hQEMA2I9C9ArYorXAQf+P3ToI0Ib8Pf9DHGfGUuNoKdz/41FQyKRywk+0zwwAo/j
MhTIaZuGnw5JXJWKs1BaLNr54ZqnqyReMTiys14ub2FUoVrMLFZEuR2Om+VFTkca +HxHxuHwMyo1W3yDG1/hReJImPbFt/3f7spVaRW9kGv+w/MGKopnhWOeOJdQBGGV
xVJiNjpbiSaBF/W4Ct0BxwMbX6P9ZXkyBd0y95j3kHizPTdz1srpd7NQvjP3L9nd Q5pXuEiSelyUfi0u6/XQYqFjLmYv0nR8k3GZN0Fh4XF0xpXJQdez1ml/Vh6R33Mz
E3MTjhx7UsqwV9o9ytELoMLPXGe+KZ+O1/QVTJ9BpjQY/0f1/BgE4vVpYij6V83u 2xqgbSX6fQzUBYMKEKyVJx/ypFMkKEdhkqpFT+jjDL7IVbF9foew50u2w36PCn6j
Qey+Ef7VUjuE7cCRTEnHnw/x+OGUN6avaVAk9E3QTmm3rVTgBcGeIdI7We4BgaoS 01rRmPiF4bBJsK6jx6sRe96e/iTLH27QnFKhcVX3vuW/Ypwg0BGd28+pso195BrI
dd5ixHOkfxellIDRfxFOnKQWJapmmNwzrMaV7ge8htLpAfdJY9KS17CCOGVnWZ+B YuTAbkYSlXizJJ2goCZVD1OkX0oBC3HuWG7L+PJt19LpAbAy19fDlN+RawzrOfXd
7iWJwormgUx2S0Rv7pmHCy6vAzR0UP27ArO8u3fxJPRNEuQ4AnBfr/niOrscpKzi iBroiUbkM8uWuxHzPN/6OIByWlC1H0EjMh9cYbk/fvepNnm7n622knTEdNCh6mXh
8/wkSf9ouTAJag1vO59zkACA5tRedRz+LOKXrVwRlPuv/BlsaDVotJ5HbSceG7Bs 36sR+Rw3dQOS0W2//lPdyCDGhaq4vAteZE9p4OXfv1NDgeo0CMLCZVPAB/V9zTWm
zjxy+bFPwdv9c2Ycq5ZMSEjvQdYV5nYfMTkcJ+0sg5ZwU8Ft5l7tRwCfLsxB2+c1 dJBJPPtaAJ+/2vw87nDDSwJHW1Dd1WS1jpMAH6igh5YzAjlakwUXgeMunkvWnbAK
dAcANRD2zi9aaMgPeQQY3L4BbG62x+gu/nVN7V+R6UfgcZ898nJAdgdyuW01sidD lDTJ5l9UY5XqiOhvXwQZiXq+VN4SJneTHW7+qJ3oh5N2o2LpQZxeCxD+lzt3IQun
aQyljm0OX1adAFupQPzL7VajG4C16jCFlumj37Zx3meNTMlNF0SZeUwTFJ6eGX9A bpFif8jTf/atGCFPOemzwp2jAreT+ish7LUK8elCItaYQxHISidsdZ5VfjF4Vasl
K1Z6GbDtwcM4msDXupiKzjiYI78C2wGToLzLwfxnKJgjbFe/bWFXeWKFvT2K8KK3 XGoFjCLEbG2LiE74opMFSRXHXmDyawvZA+1Ck9jVaN2U0YtcAaPhXD4toEGbWNSg
YWrRtxKpUaaomw2xo2Sjf4vYvTA75+ifs2GCxdCawTmdGghnO3lI0tuBrSvYGchf zKPkwPtRu2xBQCZZGE4dhlC+N7f8+rCftCsdaPYaR7Tw+DhFHPuEcrSMNNgc8PDB
lzLEgiLCuBq5qR7YjbrIrbMqvbMcm5k/8qMINfiDNtgUIfBWJ8HnvxNUx65a9cxQ TXsbPbQWTrHjQas9NfQQd2l/wt4TQ6EwAWwcbw5zFL5h9Se3LIH5bR2auiqYJFPz
FPSJsXguE0kGy2cqIi3vD5z+75Nur/CgHvBqFGmvgJTQKn4Z5MiS2SEoyh66JQxg FNOBtsA4YIV3sieoAM7CRhebzhgXlrflCbOf2954GXS/BLaodY4etUs+6jP5l4fE
fL5uFzFIApORdi8WsgKr9MtnkGktiWM3PWr5z4WirKwjqNeWauT+qU/Vd9d7dUnM S8hOYFDMEyvXWFKA9vjL/hoG1Wa9qVg2ayGiRzC0GQLtKIQitAPgRxz5ueV94kAV
d/z3d+r4InFk4DZrwjyiV4NtvXsjI1DeLKZjm9nDYYylei/89vpIhna0MJ98BklD vwvE+O7Bxa6gyFE7MfDkFpq/cPCOyAKC3hEO6uWiK27kXSvShma2uX5QYOxYItOG
rZHKYqFsj6SVvvCwFZ/dZIbos00f3cuqtA+7EvH/djLTcpWMnz4Whp0RfsaQxC2W P3XaSrmUNMjGdu2THjFB4jegRBMQy7A/o4SDIokJ/e9qadm/tTnODiULVj/JQ9vp
lSH9gEPYhe7/OYdtu+a1vjhVVvAt9rUTNR2bdMnHbA== 1gbS3hUNo/arW1/hIeaWYyV6fJU6sxTIa37jNlInnBfwW1jcISryUesFQzkzvrh/
=jnXc qsa8gUX4ScZ6EUQQe94sMm6BGy2bSX+u3P6plbxaKcvvPyy5bxau3uRkCi+i7osP
iec1VFrv1G6odgDboNJinG4=
=rr5f
-----END PGP MESSAGE----- -----END PGP MESSAGE-----