# agentkeys-secrets.env.example
#
# Template for local developer non-AWS knobs. DO NOT commit the real file —
# that's gitignored as `agentkeys-secrets.env`. Two ways to use:
#
# 1. Source it manually per shell:
# cp agentkeys-secrets.env.example agentkeys-secrets.env
# <fill in real values>
# source agentkeys-secrets.env
#
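# 2. Source it from ~/.zshenv so non-interactive shells (Claude Code's Bash
# tool, cron jobs) pick it up too. Run this from the directory that holds
# agentkeys-secrets.env, because $PWD is expanded when the line is appended:
# echo "[ -f $PWD/agentkeys-secrets.env ] && source $PWD/agentkeys-secrets.env" >> ~/.zshenv
# Every zsh process started afterwards, and each of its children, then has
# these values in its environment.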
#
# AWS CREDENTIALS LIVE ELSEWHERE.
# As of Stage 7 phase 2, AWS credentials are managed via named profiles in
# ~/.aws/credentials (mode 0600), not env vars. The broker reads credentials
# through the AWS SDK's default chain — `awsp <profile>` (sets AWS_PROFILE)
# or an EC2 instance profile via IMDS. See docs/operator-runbook.md §3.1.
# ─── Non-secret infrastructure knobs ──────────────────────────────────────────
# Region, mail domain and AWS account id that the derived names below are
# built from.
export REGION="us-east-1"
export DOMAIN="bots.litentry.org"
export ACCOUNT_ID="429071895007"
# Names derived from ACCOUNT_ID: the mail bucket plus the IAM role and IAM
# user ARNs. Change ACCOUNT_ID above and all three follow.
export BUCKET="agentkeys-mail-${ACCOUNT_ID}"
export ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent"
export DAEMON_USER_ARN="arn:aws:iam::${ACCOUNT_ID}:user/agentkeys-daemon"
# litentry.org Route 53 zone
export PARENT_ZONE_ID="Z09723983CFJOHAE3VC65"
# Bucket where SES drops inbound mail for bots.litentry.org addresses.
export AGENTKEYS_SES_BUCKET="${BUCKET}"
export AGENTKEYS_EMAIL_BACKEND="ses-s3"
# Chrome CDP endpoint the recorder connects to.
# NOTE(review): a CDP debugging port has no authentication of its own, so
# anything that can reach it can drive the browser; keep it on loopback.
export CDP_URL="http://localhost:9222"
# ─── Signup / login test credentials ──────────────────────────────────────────
# Stable password for throwaway signup accounts. Fresh email per run is auto-
# generated by the recorder (bot-${Date.now()}@bots.litentry.org).
# Keep the real value inside the single quotes so characters such as $, #,
# backticks or spaces stay literal instead of being interpreted by the shell.
# Once filled in, agentkeys-secrets.env holds a live credential: keep it
# readable by your user only (chmod 600 agentkeys-secrets.env).
export AGENTKEYS_SIGNUP_PASSWORD='REPLACE_ME_WITH_STRONG_PASSWORD'
# ─── CAPTCHA-solving service (optional) ───────────────────────────────────────
#
# CapSolver handles hCaptcha / reCAPTCHA / Cloudflare Turnstile on services
# that gate signup behind a challenge (ElevenLabs uses invisible hCaptcha).
# Without this key, the recorder escalates to human-in-loop on those
# services. Brave Search's custom PoW captcha is NOT a CapSolver task —
# it solves client-side on its own.
#
# Pricing: ~$1 per 1000 hCaptcha solves.
# Sign up: https://capsolver.com (paste the CAP-... token)
# Paste the token between the single quotes so it is taken literally.
# NOTE(review): as shipped this exports the placeholder rather than leaving the
# variable unset; confirm the recorder treats CAP-REPLACE_ME as "no key", or
# comment the line out when CapSolver is not used.
export CAPSOLVER_API_KEY='CAP-REPLACE_ME'
# ─── Legacy: static AWS keys (only if you cannot use named profiles) ──────────
#
# The broker's old credential path. Both must be set together; setting only
# one is rejected at startup. Prefer `~/.aws/credentials` + `awsp` instead.
# Leave commented out for the recommended path.
#
# export DAEMON_ACCESS_KEY_ID=AKIA...REPLACE_ME
# export DAEMON_SECRET_ACCESS_KEY=REPLACE_ME