From b87ba5e778994085d4e051d142fd23ac94ce9598 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 15 Mar 2026 23:21:52 +0000 Subject: [PATCH] update claude knowledge: secret/viktor is go-to for all personal secrets [ci skip] --- .claude/CLAUDE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index c5918ce3..2b741877 100755 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -21,6 +21,7 @@ ## Secrets Management — Vault KV (SOPS removed) - **Vault is the sole source of truth** for secrets. SOPS pipeline has been removed entirely. +- **`secret/viktor`** — go-to path for ALL personal secrets (135 keys). Contains every API key, token, password, SSH key, and config from the old terraform.tfvars. Check here first: `vault kv get -field=KEY secret/viktor`. - **Auth**: `vault login -method=oidc` (Authentik SSO) → `~/.vault-token` → read by Vault TF provider. - **Vault stack self-reads**: `data "vault_kv_secret_v2" "vault"` reads its own OIDC creds from `secret/vault`. - **ESO (External Secrets Operator)**: `stacks/external-secrets/` — 43 ExternalSecrets + 9 DB-creds ExternalSecrets. API version `v1beta1`. Two ClusterSecretStores: `vault-kv` and `vault-database`.
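Review bot: The added `secret/viktor` bullet makes a single KV path holding all 135 personal keys the default lookup ("Check here first"), which cuts against least privilege. Vault policies are granted per path, so any token able to run `vault kv get -field=KEY secret/viktor` can read every API key, token, password and SSH key stored there. `-field` only selects what the CLI prints after the whole secret has been returned. Suggest splitting the entries into per-service paths, or at minimum documenting which policy the reading token is expected to carry, and pointing the reader at the narrowest path that holds the key they need. The hard-coded "(135 keys)" count will drift as secrets are added or rotated and could be dropped. Since the same section already routes workload secrets through ESO, it would also help to state whether `secret/viktor` is meant for interactive use only.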