# agentkeys-secrets.env.example
#
# Template for local developer secrets. DO NOT commit the filled-in copy; it is
# named `agentkeys-secrets.env` and is gitignored. Two ways to use:
#
# 1. Source it manually per shell:
# cp agentkeys-secrets.env.example agentkeys-secrets.env
# <fill in real values>
# source agentkeys-secrets.env
#
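# 2. Source it from ~/.zshenv so non-interactive shells (Claude Code's Bash
# tool, cron jobs) pick it up too:
# echo "[ -f $PWD/agentkeys-secrets.env ] && source $PWD/agentkeys-secrets.env" >> ~/.zshenv
# (Run this from the repo root: $PWD is expanded when the echo runs, so the
# absolute path is what gets written, and a path containing spaces will break
# the generated line. zsh reads ~/.zshenv on every start, so the long-lived
# keys below end up in the environment of everything launched from zsh;
# option 1 keeps them to a single shell.)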
#
# After filling, run: `source scripts/stage6-demo-env.sh` to mint 1 h STS
# temp creds from DAEMON_* and export them as AWS_*.
# ─── Long-lived IAM users (rotate quarterly) ──────────────────────────────────
# These are static IAM user access keys. Once this file is sourced they are
# exported, so every child process of that shell inherits them; keep the
# filled-in copy readable by your own user only (e.g. chmod 600).
# Values are single-quoted so nothing in a pasted key is expanded by the shell.
#
# Daemon user: its only permission is `sts:AssumeRole` into agentkeys-agent,
# so a leaked key lets the holder assume that role (and do whatever the role
# is allowed to do). To rotate, mark the old key inactive with `aws iam
# update-access-key --status Inactive` and create a new key.
export DAEMON_ACCESS_KEY_ID='AKIA...REPLACE_ME'
export DAEMON_SECRET_ACCESS_KEY='REPLACE_ME'

# Admin user: for infra changes (SES config, IAM policies) only. The
# scraper/recorder runtime does NOT use it. Leave blank if you do no admin work.
# NOTE(review): the secret is named ..._ACCESS_KEY_SECRET here but
# ..._SECRET_ACCESS_KEY for the daemon; keep whichever names the consuming
# scripts expect.
export ADMIN_AWS_ACCESS_KEY_ID='AKIA...REPLACE_ME_OR_BLANK'
export ADMIN_AWS_ACCESS_KEY_SECRET='REPLACE_ME_OR_BLANK'
# ─── Non-secret infrastructure knobs ──────────────────────────────────────────
# Identifiers only, no credentials. BUCKET, ROLE_ARN and DAEMON_USER_ARN are
# built from ACCOUNT_ID, so ACCOUNT_ID has to be set before them.
export REGION='us-east-1'
export DOMAIN='bots.litentry.org'
export ACCOUNT_ID='429071895007'
export BUCKET="agentkeys-mail-${ACCOUNT_ID}"
export ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent"
export DAEMON_USER_ARN="arn:aws:iam::${ACCOUNT_ID}:user/agentkeys-daemon"

# Route 53 hosted zone for litentry.org.
export PARENT_ZONE_ID='Z09723983CFJOHAE3VC65'

# S3 bucket into which SES delivers inbound mail for bots.litentry.org
# addresses; same value as BUCKET above.
export AGENTKEYS_SES_BUCKET="${BUCKET}"
export AGENTKEYS_EMAIL_BACKEND='ses-s3'

# Chrome DevTools Protocol (CDP) endpoint the recorder connects to. Keep it on
# localhost: a CDP port is unauthenticated and gives whoever can reach it
# control of that browser session.
export CDP_URL='http://localhost:9222'
# ─── Signup / login test credentials ──────────────────────────────────────────
# One fixed password shared by all throwaway signup accounts; the recorder
# auto-generates a fresh email address per run
# (bot-${Date.now()}@bots.litentry.org).
# Keep the single quotes when filling this in, so characters such as $, ! or
# backticks in the password are taken literally when the file is sourced.
# Because the value is shared across every test account, do not reuse it for
# any real account.
export AGENTKEYS_SIGNUP_PASSWORD='REPLACE_ME_WITH_STRONG_PASSWORD'
# ─── CAPTCHA-solving service (optional) ───────────────────────────────────────
#
# Optional CapSolver key. CapSolver covers hCaptcha / reCAPTCHA / Cloudflare
# Turnstile on services that put signup behind a challenge (ElevenLabs uses
# invisible hCaptcha). If the key is absent, the recorder escalates to
# human-in-loop on those services. Brave Search's custom PoW captcha is NOT a
# CapSolver task; it solves client-side on its own.
#
# Pricing: ~$1 per 1000 hCaptcha solves.
# Sign up: https://capsolver.com (paste the CAP-... token)
#
# Treat the token like the other secrets in this file: solves are billed to
# the account it belongs to.
export CAPSOLVER_API_KEY='CAP-REPLACE_ME'