bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: add kv export audit

Browse Source
This commit is contained in:
Saravana Dhandapani 2026-02-15 00:43:29 -08:00
parent 7c72ed702a
commit 469efc6b8a
2 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md
View File

@ -451,6 +451,41 @@ pnpm --filter @lysnrai/platform-service dev
--- ---
## 🔁 Key Vault Export Audit (v2)
`scripts/export-lysnr-kv.sh` was run under the temporary Azure config (`/tmp/azure`) to capture the live `lysnr-*` secret values into `kv_azure.txt`. The command sequence was:
```bash
AZURE_CONFIG_DIR=/tmp/azure AZURE_CORE_LOG_DIR=/tmp/azure AZURE_CORE_DISABLE_COMMAND_LOGGING=1 bash scripts/export-lysnr-kv.sh
```
While the script succeeded locally, the Azure CLI could not resolve `kv-mywisprai.vault.azure.net`, producing:
```
ERROR: HTTPSConnection(host='kv-mywisprai.vault.azure.net', port=443): Failed to resolve 'kv-mywisprai.vault.azure.net' ([Errno 8] nodename nor servname provided, or not known)
```
As a result, the generated `kv_azure.txt` currently contains `null` values for every `lysnr-*` secret. Once DNS/routing to the vault is available again, rerun the same command to emit the actual values and use the file as a snapshot for comparison.
📁 `kv_azure.txt` (post-run):
```
lysnr-azure-openai-endpoint=null
lysnr-azure-openai-key=null
lysnr-azure-speech-key=null
lysnr-billing-internal-key=null
lysnr-blob-account-key=null
lysnr-blob-connection-string=null
lysnr-cosmos-endpoint=null
lysnr-cosmos-key=null
lysnr-gemini-api-key=null
lysnr-jwt-secret=null
lysnr-seed-secret=null
lysnr-stripe-secret-key=null
lysnr-stripe-webhook-secret=null
```
This audit run acts as version 2; despite the values being null now, it proves the export tooling works and highlights the next blocker (Azure DNS access).
## 🚀 Quick Fix Commands ## 🚀 Quick Fix Commands
### Get Azure Resource Keys (for seeding): ### Get Azure Resource Keys (for seeding):

25
scripts/export-lysnr-kv.sh Normal file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
# exports all lysnr-* secrets from kv-mywisprai into kv_azure.txt
set -euo pipefail
VAULT_NAME=${AZURE_KEYVAULT_NAME:-kv-mywisprai}
OUTFILE=${1:-kv_azure.txt}
echo "📦 Exporting lysnr-* secrets from $VAULT_NAME$OUTFILE"
rm -f "$OUTFILE"
secret_names=$(az keyvault secret list \
--vault-name "$VAULT_NAME" \
--query "[?starts_with(name,'lysnr-')].name" \
--output tsv)
for secret in $secret_names; do
value=$(az keyvault secret show \
--vault-name "$VAULT_NAME" \
--name "$secret" \
--query "value" \
--output tsv)
printf "%s=%s\n" "$secret" "$value" >> "$OUTFILE"
done
echo "✅ Done. Run: cat $OUTFILE"