update claude knowledge: secret/viktor is go-to for all personal secrets [ci skip]

Viktor Barzin 2026-03-15 23:21:52 +00:00
parent a9890a1f27
commit b87ba5e778


@ -21,6 +21,7 @@
## Secrets Management — Vault KV (SOPS removed)
- **Vault is the sole source of truth** for secrets. SOPS pipeline has been removed entirely.
- **`secret/viktor`** — go-to path for ALL personal secrets (135 keys). Contains every API key, token, password, SSH key, and config from the old terraform.tfvars. Check here first: `vault kv get -field=KEY secret/viktor`.
- **Auth**: `vault login -method=oidc` (Authentik SSO) → `~/.vault-token` → read by Vault TF provider.
- **Vault stack self-reads**: `data "vault_kv_secret_v2" "vault"` reads its own OIDC creds from `secret/vault`.
- **ESO (External Secrets Operator)**: `stacks/external-secrets/` — 43 ExternalSecrets + 9 DB-creds ExternalSecrets. API version `v1beta1`. Two ClusterSecretStores: `vault-kv` and `vault-database`.
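
Review bot: The `secret/viktor` bullet in this hunk makes a single KV path holding all 135 personal keys (API keys, tokens, passwords, SSH keys) the first place to look, so any token or policy that can read that path reads every one of them at once. Consider stating here which Vault policy is allowed to read `secret/viktor`, or splitting it into per-purpose paths so each consumer only needs the keys it uses. The suggested `vault kv get -field=KEY secret/viktor` also prints the value to stdout, so the bullet should say that the output must not end up in logs or session transcripts.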