Scrub tracked secrets and switch ATVM docs to local credential references

- remove hardcoded credentials, tokens, registration codes, and similar secret values from tracked ATVM and CDS MCP docs
- replace those values with references to /home/aw/code/cds/.env.credentials.local and the corresponding environment variable names
- update current operator guides to instruct sourcing .env.credentials.local before credential-dependent setup and automation workflows
- update the ATVM setup scripts to consume ATVM_TARGET_PASSWORD from the environment instead of hardcoding the Ubuntu root SSH password
- scrub the remaining tracked artifact log entry that still included the old CMC registration code
- keep the local-only credential inventory in .env.credentials.local while leaving that file untracked
2026-03-24 17:32:44 -04:00
parent 4c07863f6c
commit 86b1a0e4a9
13 changed files with 111 additions and 84 deletions


@@ -16,6 +16,8 @@
set -euo pipefail
ATVM_ROOT_SSH_PASSWORD="${ATVM_TARGET_PASSWORD:-}"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
@@ -432,7 +434,12 @@ configure_ubuntu_root_ssh_access() {
print_warning "Ubuntu-specific workflow: configuring root account for SSH password login"
echo "root:cdsi2012" | ${SUDO_CMD} chpasswd
if [[ -z "$ATVM_ROOT_SSH_PASSWORD" ]]; then
print_error "ATVM_TARGET_PASSWORD must be set before running the Ubuntu root SSH workflow"
exit 1
fi
echo "root:${ATVM_ROOT_SSH_PASSWORD}" | ${SUDO_CMD} chpasswd
${SUDO_CMD} passwd -u root >/dev/null 2>&1 || true
print_info "Root password set to configured workflow value"
@@ -464,7 +471,7 @@ EOF"
ROOT_SSH_CONFIGURED=true
print_info "Root SSH/password workflow configured for Ubuntu"
print_info "Next operator step: reconnect as root with password cdsi2012"
print_info "Next operator step: reconnect as root using the ATVM_TARGET_PASSWORD value"
}
#==============================================================================
@@ -1453,7 +1460,7 @@ print_final_summary() {
"
summary_output+=" * PasswordAuthentication enabled
"
summary_output+=" * Reconnect as root/cdsi2012 for root-only workflow
summary_output+=" * Reconnect as root using the ATVM_TARGET_PASSWORD value for root-only workflow
"
else
summary_output+="[SKIP] Step 2: Ubuntu Root SSH Access Configuration
@@ -1697,7 +1704,7 @@ After hash match is confirmed on controller:
echo " * Root password set to workflow value"
echo " * PermitRootLogin enabled"
echo " * PasswordAuthentication enabled"
echo " * Reconnect as root/cdsi2012 for root-only workflow"
echo " * Reconnect as root using the ATVM_TARGET_PASSWORD value for root-only workflow"
else
echo -e "${YELLOW}[SKIP] Step 2: Ubuntu Root SSH Access Configuration${NC}"
echo " * Not applied"
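Review bot: The new guard in configure_ubuntu_root_ssh_access only rejects an empty ATVM_TARGET_PASSWORD, so nothing stops the workflow from re-applying the root password that this commit removes from the tree; that value is still readable in history from parent 4c07863f6c and should be treated as disclosed and rotated before .env.credentials.local is populated. I would record that beside the assignment near the top of the script with a comment such as `# ATVM_TARGET_PASSWORD must hold a rotated value; the former hardcoded password remains in git history`. Separately, the chpasswd input is safer written as `printf 'root:%s\n' "$ATVM_ROOT_SSH_PASSWORD" | ${SUDO_CMD} chpasswd`, with a value containing a newline rejected in the same guard, because chpasswd reads one user:password record per line. The function body starts before this hunk and continues after it, so whether the value is traced or logged elsewhere cannot be judged from here.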