Standardize PEM paths to shared k8s Secret mount

All agents now reference PEMs at /paperclip/secrets/github-pems/<name>.pem instead of per-agent secrets/ subdirectories. PEMs will be mounted from a single Kubernetes Secret. Added .gitignore to prevent accidental secret commits. Countess GitHub App ID set to 3097914. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 08:49:58 -04:00
parent 96e47397d7
commit efaae0a266
8 changed files with 11 additions and 8 deletions
@@ -32,7 +32,7 @@
  "cwd": "/paperclip/privilegedescalation/engineering/gandalf",
  "env": {
    "GITHUB_APP_ID_GANDALF": { "type": "plain", "value": "3032771" },
-    "GITHUB_PEM_PATH_GANDALF": { "type": "plain", "value": "/paperclip/privilegedescalation/engineering/gandalf/secrets/github-app.pem" }
+    "GITHUB_PEM_PATH_GANDALF": { "type": "plain", "value": "/paperclip/secrets/github-pems/gandalf.pem" }
  },
  "model": "claude-opus-4-6",
  "graceSec": 15,
@@ -32,7 +32,7 @@
  "cwd": "/paperclip/privilegedescalation/engineering/hugh",
  "env": {
    "GITHUB_APP_ID_HUGH": { "type": "plain", "value": "3034857" },
-    "GITHUB_PEM_PATH_HUGH": { "type": "plain", "value": "/paperclip/privilegedescalation/engineering/hugh/secrets/github-app.pem" }
+    "GITHUB_PEM_PATH_HUGH": { "type": "plain", "value": "/paperclip/secrets/github-pems/hugh.pem" }
  },
  "model": "auto",
  "graceSec": 15,
@@ -35,7 +35,7 @@
  "env": {
    "OPENROUTER_API_KEY": { "type": "plain", "value": "<REDACTED - restore from pg-fix-regina-env2.sh>" },
    "GITHUB_APP_ID_REGINA": { "type": "plain", "value": "3033788" },
-    "GITHUB_PEM_PATH_REGINA": { "type": "plain", "value": "/paperclip/privilegedescalation/engineering/regina/secrets/github-app.pem" }
+    "GITHUB_PEM_PATH_REGINA": { "type": "plain", "value": "/paperclip/secrets/github-pems/regina.pem" }
  },
  "model": "openrouter/minimax/minimax-m2.5",
  "mode": "",