# Secrets Quick Reference

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

**Date:** 2025-01-27  
**Purpose:** Quick lookup for all secrets and their locations

---

## 🔴 CRITICAL SECRETS (Immediate HSM Migration)

### Private Keys
```
PRIVATE_KEY (Deployer)
  Locations:
    - smom-dbis-138/.env
    - no_five/.env
    - loc_az_hci/smom-dbis-138/.env
    - proxmox/smom-dbis-138/services/*/.env
    - docs/06-besu/T1_2_CREDENTIALS_VERIFIED.md
  Value: 0x5373d11ee2cad4ed82b9208526a8c358839cbfe325919fb250f062a25153d1c8
  Address: 0x4A666F96fC8764181194447A7dFdb7d471b301C8

PRIVATE_KEY (237-combo)
  Location: 237-combo/.env
  Value: 5e72443d6f357af402859433b115f5b7394786b2624a7cd7e670256a2467bd14
```

### Cloudflare API Tokens
```
CLOUDFLARE_API_TOKEN
  Locations:
    - loc_az_hci/smom-dbis-138/.env: CWNCvhFa0EgXsazoUrJyv1CS-ORoiMmgvM0zm47N
    - scripts/fix-certbot-dns-propagation.sh: JSEO_sruWB6lf1id77gtI7HOLVdhkhaR2goPEJIk

CLOUDFLARE_API_KEY
  Locations:
    - proxmox/.env: 65d8f07ebb3f0454fdc4e854b6ada13fba0f0
    - loc_az_hci/.env: x2Kgfb7OI8OEu7SUeUSyLIgVFmvXFd6zV_5ZwGcW

CLOUDFLARE_TUNNEL_TOKEN
  Locations:
    - proxmox/.env: sRwHkwQO5HfD6aK0ZzdV8XHsAyG_DLe_KCjv2bRP
    - scripts/install-shared-tunnel-token.sh: eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9

CLOUDFLARE_ORIGIN_CA_KEY
  Location: proxmox/.env
  Value: v1.0-e7109fbbe03bfeb201570275-231a7ddf5c59799f68b0a0a73a3e17d72177325bb60e4b2c295896f9fe9c296dc32a5881a7d23859934d508b4f41f1d86408e103012b44b0b057bb857b0168554be4dc215923c043bd
```

### NPM Passwords
```
NPM_PASSWORD
  Locations:
    - proxmox/.env: L@ker$2010
    - scripts/create-npmplus-proxy.sh: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72
    - scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72

NPM_EMAIL
  Locations:
    - proxmox/.env: nsatoshi2007@hotmail.com
    - scripts: admin@example.org
```

---

## ⚠️ HIGH PRIORITY SECRETS

### Database Credentials
```
DATABASE_URL
  Location: dbis_core/.env
  Format: postgresql://user:password@host:port/database
```

### UniFi/Omada
```
UNIFI_API_KEY
  Location: docs/04-configuration/UDM_PRO_API_LIMITATIONS.md
  Value: _6WXEiH2tMDkrO3jKc54SKa53fHZE-Wg

UNIFI_PASSWORD
  Location: Multiple docs
  Value: L@kers2010$$
```

---

## 📋 ALL SECRET LOCATIONS

### .env Files with Secrets
```
./proxmox/.env
./proxmox/smom-dbis-138/.env
./proxmox/smom-dbis-138/services/relay/.env
./proxmox/smom-dbis-138/services/state-anchoring-service/.env
./proxmox/smom-dbis-138/services/transaction-mirroring-service/.env
./loc_az_hci/.env
./loc_az_hci/smom-dbis-138/.env
./smom-dbis-138/.env
./no_five/.env
./237-combo/.env
./dbis_core/.env
```

### Scripts with Hardcoded Secrets
```
./proxmox/scripts/install-shared-tunnel-token.sh
./proxmox/scripts/fix-certbot-dns-propagation.sh
./proxmox/scripts/obtain-all-ssl-certificates.sh
./proxmox/scripts/configure-all-cloudflare-dns.sh
./proxmox/scripts/test-cloudflare-permissions.sh
./proxmox/smom-dbis-138/frontend-dapp/create-npmplus-proxy.sh
./proxmox/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
./proxmox/scripts/nginx-proxy-manager/delete-sankofa-proxy-hosts.sh
```

### Documentation with Secrets
```
./proxmox/docs/06-besu/T1_2_CREDENTIALS_VERIFIED.md
./proxmox/docs/06-besu/T1_2_CREDENTIALS_STATUS.md
./proxmox/docs/04-configuration/UDM_PRO_API_LIMITATIONS.md
./proxmox/docs/04-configuration/NGINX_PROXY_MANAGER_COMPLETE_SETUP.md
```

---

## 🔐 HSM VAULT PATHS (Proposed)

```
secret/blockchain/private-keys/deployer
secret/blockchain/private-keys/237-combo
secret/cloudflare/api-tokens/main
secret/cloudflare/api-tokens/certbot
secret/cloudflare/tunnel-tokens/shared
secret/cloudflare/origin-ca/main
secret/infrastructure/npm/password
secret/infrastructure/npm/email
secret/infrastructure/unifi/api-key
secret/infrastructure/unifi/password
secret/databases/postgres/main
secret/services/jwt/main
```

---

## ⚡ QUICK ACTIONS

### Verify .gitignore
```bash
grep -r "\.env" .gitignore
grep -r "\.env\.backup" .gitignore
```

### Find All .env Files
```bash
find . -name ".env" ! -name "*.example" ! -path "*/node_modules/*"
```

### Find Hardcoded Secrets in Scripts
```bash
grep -rE "(PASSWORD|SECRET|API_KEY|TOKEN|PRIVATE_KEY)\s*=" --include="*.sh" --include="*.js" --include="*.ts"
```

### Check for Secrets in Git History
```bash
git log --all --full-history --source -- "*/.env"
```

---

**See [MASTER_SECRETS_INVENTORY.md](MASTER_SECRETS_INVENTORY.md) for complete details.**