From 3bfdb7a084ff0773aa1b23e7f87f69181ad093dd Mon Sep 17 00:00:00 2001 From: saravanakumardb1 Date: Sat, 14 Feb 2026 23:43:27 -0800 Subject: [PATCH] docs: add git history recovery summary to KV audit, gitignore kv.txt seed file --- .gitignore | 1 + ...NVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/.gitignore b/.gitignore index 2445854b..3cf63a5f 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ coverage/ *.p12 *.pfx *.key +kv.txt diff --git a/docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md b/docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md index 09391f6c..3e1670ba 100644 --- a/docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md +++ b/docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md @@ -488,6 +488,40 @@ node -e "process.env.AZURE_KEYVAULT_URL && console.log('✅ KV enabled') || cons --- +## 🔍 Git History Recovery (2026-02-14) + +Scanned git history across `learning_voice_ai_agent` to recover actual secret values for the 13 missing `lysnr-*` secrets. + +| # | KV Secret Name | Source | Status | +|---|----------------|--------|--------| +| 1 | `lysnr-cosmos-endpoint` | `.env` commits | ✅ Recovered | +| 2 | `lysnr-cosmos-key` | `.env` commits | ✅ Recovered | +| 3 | `lysnr-jwt-secret` | `.env` commits | ✅ Recovered | +| 4 | `lysnr-stripe-secret-key` | `.env` commits | ✅ Recovered (sk_test_*) | +| 5 | `lysnr-stripe-webhook-secret` | `.env` commits | ✅ Recovered (whsec_*) | +| 6 | `lysnr-billing-internal-key` | `.env` commits | ✅ Recovered | +| 7 | `lysnr-blob-connection-string` | `.env` commits | ✅ Recovered | +| 8 | `lysnr-blob-account-key` | `.env` commits | ✅ Recovered | +| 9 | `lysnr-gemini-api-key` | — | ❌ Not found (only placeholder in history) | +| 10 | `lysnr-seed-secret` | `.env` commits | ✅ Recovered | +| 11 | `lysnr-azure-speech-key` | `.env` commits | ✅ Recovered | +| 12 | `lysnr-azure-openai-key` | `.env` commits | ✅ Recovered | +| 13 | `lysnr-azure-openai-endpoint` | `.env` commits | ✅ Recovered | + +**Result:** 12/13 recovered. Seed script written to `kv.txt` (gitignored, temporary). + +**To seed:** +```bash +az login +bash kv.txt +# Then manually add: lysnr-gemini-api-key (get from https://aistudio.google.com/apikey) +rm kv.txt +``` + +> ⚠️ **Post-seed:** These keys were exposed in git history. Schedule rotation after seeding (see `AZURE_KEY_VAULT_AND_SECRETS_ROTATION.md`). + +--- + **Generated by:** Environment audit automation **Maintained by:** ByteLyst DevOps Team **Next Audit:** After LysnrAI `lysnr-*` secrets are seeded into `kv-mywisprai`