i2. UdZddlZddlmZddlmZmZmZddlm Z ddl Z e dGdd Z e dGd d Z e dGd d Z e dGddZiaeeefed<daeed<d7deeddfdZd7dedeedeefdZde fdZde fdZde fdZdefdZdeefdZdeefdZdeefdZdeefd Zd8d!edeeeffd"Zd9d#Ze d$k(rYddl!Z!e"e!jFd%kDr7e!jFd%Z$e$d&k(reye$d'k(reZ%e&e%jOZ(e(re)d(e!jTdye%jWDcgc] \}}|r | c}}Z,e)d)d*j[e,e!jTd%ye$d+k(r<eZ.e)d,e.j^d-e.j`d.e.jbrd/nd0d1ye$d2k(r/eZ.e)d3e.jdd4e.jfrd/nd0d1ye)d5e$e)d6yeyycc}}w):a Genesis Secrets Loader ====================== Secure credential management for Genesis memory system. Priority Order: 1. Environment variables (production) 2. secrets.env file (development) 3. Default to None (fail safely) NEVER commit actual credentials to source code. Usage: from secrets_loader import get_redis_config, get_qdrant_config redis = get_redis_config() qdrant = get_qdrant_config() N)Path)OptionalDictAny) dataclassT)frozencpeZdZUdZeed<eed<eeed<dZe ed<e de fdZ de ee ffd Zy ) RedisConfigzRedis connection configuration.hostportpasswordFsslreturncHt|jxr |jS)z&Check if Redis is properly configured.boolr r selfs ,/mnt/e/genesis-system/core/secrets_loader.py is_configuredzRedisConfig.is_configured#DII+$)),,c`|j|j|j|jdS)2Convert to dictionary for backwards compatibility.r r r rrrs rto_dictzRedisConfig.to_dict(s*IIII 88   rN)__name__ __module__ __qualname____doc__str__annotations__intrrrpropertyrrrrrrr r sP) I IsmC -t-- c3h rr ceZdZUdZeed<eed<eeed<dZeed<dZ e ed<e d e fd Z e d efd Z d eeeffd Zy ) QdrantConfigz%Qdrant vector database configuration.r r api_keygenesis_memoriescollection_nameT use_httpsrcHt|jxr |jS)z'Check if Qdrant is properly configured.rrs rrzQdrantConfig.is_configured;rrc^|jrdnd}|d|jd|jS)z#Get full URL for Qdrant connection.httpshttpz://:)r+r r )rprotocols rurlzQdrantConfig.url@s0#nn7&3tyyk499+66rcv|j|j|j|j|jdS)rr r r(r*r2r4rs rrzQdrantConfig.to_dictFs3IIII||#3388   rN)rrrr r!r"r#rr*r+rr$rr2rrrr%rrr'r'2su/ I I c]-OS-It -t--7S77  c3h rr'cteZdZUdZeed<eed<eed<eed<eed<dZeed<ed e fd Z d efd Z y ) PostgresConfigz$PostgreSQL connection configuration.r r userr dbnamerequiresslmoderct|j|j|j|j|j gS)z+Check if PostgreSQL is properly configured.)allr r r7r r8rs rrzPostgresConfig.is_configured[s.DIItyy$))T]]DKKPQQrc d|jd|jd|jd|jd|jd|j d S)z!Return a DSN string for psycopg2.zdbname='z' user='z' host='z ' password='z' port='z ' sslmode='')r8r7r r r r:rs rto_dsnzPostgresConfig.to_dsn`st$++htyyk$))LY]YfYfXggoptpypyoz{FGKGSGSFTTUV VrN) rrrr r!r"r#r:r$rrr?r%rrr6r6QsR. I I IM KGS RtRRVVrr6cHeZdZUdZeeed<eeed<edefdZ y) MCPConfigz+MCP (Model Context Protocol) configuration.endpointr(rc,t|jS)z$Check if MCP is properly configured.)rrBrs rrzMCPConfig.is_configuredksDMM""rN) rrrr rr!r"r$rrr%rrrArAes25sm c] #t##rrA _env_cacheF _env_loadedenv_pathrctry|tdtdtjdz dz tjdz g}|D]}|s|j s t |d5}|D]}|j }|r|jdr'd|vs,|jd\}}}|j }|j }|jd r|jd r|d d }n'|jd r|jd r|d d }|t|< dddtd |dayday#1swYxYw#t$r&}tjd|d|Yd}~7d}~wwxYw)z` Load environment variables from secrets.env file. Only loads once, caches results. Nz(/mnt/e/genesis-system/config/secrets.envz$E:/genesis-system/config/secrets.envz.genesisz secrets.envr#="r>z[OK] Secrets loaded from: zFailed to load secrets from z: T)rErhomecwdexistsopenstrip startswith partitionendswithrDprint Exceptionwarningswarn) rF search_pathspathflinekey_valuees r_load_env_filerbvs  78 34 j =0  ]" LJ DKKM J$_4 !4#zz|#ts';$$;,0NN3,?MCE"%))+C$)KKME$//49L(-a !&!1!1#!65>>#;N(-a .3JsO44"24&9:K3J2K-44& J secrets.env file > default )osenvirongetrbrD)r^rcr`s r_get_envrhsA JJNN3 E   NN3 E  Nrctdd}tdd}td}tdd} t|}|j d v}t |||| S#t$rd}tjd |d YGwxYw) am Get Redis configuration from environment. Environment Variables: GENESIS_REDIS_HOST: Redis host (default: localhost) GENESIS_REDIS_PORT: Redis port (default: 6379) GENESIS_REDIS_PASSWORD: Redis password (optional) GENESIS_REDIS_SSL: Use SSL (default: false) Returns: RedisConfig with connection parameters GENESIS_REDIS_HOST localhostGENESIS_REDIS_PORT6379GENESIS_REDIS_PASSWORDGENESIS_REDIS_SSLfalseizInvalid GENESIS_REDIS_PORT 'z ', using 6379true1yesr)rhr# ValueErrorrXrYlowerr )r port_strr ssl_strr rs rget_redis_configrys (+ 6D,f5H01H*G4GN8} --/1 1C       N 4XJmLMNs A$BBc(tdd}tdd}td}tdd}tdd } t|}|j d v}t |||||S#t$rd }tjd |d YHwxYw)a Get Qdrant configuration from environment. Environment Variables: GENESIS_QDRANT_HOST: Qdrant host GENESIS_QDRANT_PORT: Qdrant port (default: 6333) GENESIS_QDRANT_API_KEY: Qdrant API key (optional) GENESIS_QDRANT_COLLECTION: Collection name (default: genesis_memories) GENESIS_QDRANT_HTTPS: Use HTTPS (default: true) Returns: QdrantConfig with connection parameters GENESIS_QDRANT_HOSTGENESIS_QDRANT_PORT6333GENESIS_QDRANT_API_KEYGENESIS_QDRANT_COLLECTIONr)GENESIS_QDRANT_HTTPSrrizInvalid GENESIS_QDRANT_PORT 'z ', using 6333rq)r r r(r*r+)rhr#rurXrYrvr')r rwr( collection https_strr r+s rget_qdrant_configrs )2 .D-v6H/0G57IJJ/8IO8} !%99I   "   O 5hZ}MNOs A**$BBc,tdd}tdd}tdd}tdd}tdd}tdd } t|}t |||||| S#ttf$rd }t j d |d Y=wxYw)z Get PostgreSQL configuration from environment. Environment Variables: GENESIS_PG_HOST GENESIS_PG_PORT GENESIS_PG_USER GENESIS_PG_PASSWORD GENESIS_PG_DB GENESIS_PG_SSLMODE (default: require) GENESIS_PG_HOSTr|GENESIS_PG_PORT5432GENESIS_PG_USERGENESIS_PG_PASSWORD GENESIS_PG_DBGENESIS_PG_SSLMODEr9i8zInvalid GENESIS_PG_PORT 'z ', using 5432)r r r7r r8r:)rhr#ru TypeErrorrXrYr6)r rwr7r r8r:r s rget_postgres_configrs %r *D)62H %r *D-r2H or *F+Y7GK8}        "K 1(=IJKs A&&*BBcHtd}td}t||S)z Get MCP configuration from environment. Environment Variables: GENESIS_MCP_ENDPOINT: MCP server endpoint GENESIS_MCP_API_KEY: MCP API key (optional) Returns: MCPConfig with connection parameters GENESIS_MCP_ENDPOINTGENESIS_MCP_API_KEYrBr()rhrArs rget_mcp_configr"s'./H,-G h 88rctdS)z$Get Anthropic API key for LLM calls.ANTHROPIC_API_KEYrhr%rrget_anthropic_api_keyr3s ' ((rctdS)z+Get OpenAI API key for embeddings/fallback.OPENAI_API_KEYrr%rrget_openai_api_keyr8 $ %%rc2tdxs tdS)zGet Gemini API key.GEMINI_API_KEYGOOGLE_API_KEYrr%rrget_gemini_api_keyr<s $ % C2B)CCrctdS)zGet Telnyx API key.TELNYX_API_KEYrr%rrget_telnyx_api_keyrArr require_allc t}t}t}t|jxr|jdk7t|j t|jt|j t|jttd}|r.tt|d<t|j |d<|S)z Validate that required secrets are configured. Args: require_all: If True, check all secrets. If False, only core ones. Returns: Dict mapping secret name to availability status rk) redis_hostredis_password qdrant_hostqdrant_api_key mcp_endpointanthropic_api_keyopenai_api_key mcp_api_key) ryrrrr r r(rBrr)rredisqdrantmcpstatuss rvalidate_secretsrFs  E  F  C5::C%** *CDu~~.FKK(v~~.S\\*!"7"9: F#'(:(<#= $S[[ 1} Mrc@td}td|jD]\}}|rdnd}td|d|td|j D}t |}td |d ||d krtd td yy)zCPrint current secrets configuration status (safe, no values shown).T)rz === Genesis Secrets Status ===u✓u✗z  c3&K|] }|sd yw)rLNr%).0vs r z'print_secrets_status..ms511Q5sz Configured: /zP [!] Some core secrets missing. Create secrets.env or set environment variables.z: See: /mnt/e/genesis-system/config/secrets.env.templateN)rrVitemssumvalueslen)rr^ availableicon configuredtotals rprint_secrets_statusrds $ /F ,- ,,.!Y!uu 4&# !5 55J KE N:,aw /0A~ ab JKr__main__rLrvalidatez [OK] All core secrets configuredz[!] Missing secrets: z, z test-rediszRedis: r0z (password: setnone)z test-qdrantzQdrant: z (key: zUnknown command: zHUsage: python secrets_loader.py [status|validate|test-redis|test-qdrant])N)F)rN)4r repathlibrtypingrrr dataclassesrrXr r'r6rArDr!r"rErrbrhryrrrrrrrrrrsysrargvcmdrr<rall_okrVexitrmissingjoinconfigr r r r2r()krs00rrs& &&! $   , $   < $VVV& $### DcN T,Xd^,t,^# #&+D"<"J ^ F9 9")x}) &HSM&DHSMD &HSM& $4T ?<L& z 388}qhhqk (? " J %'F)F89 )/AAq1A-dii.@-ABC L %'F GFKK=&++lFOO5agBhhij k M !&(F HVZZLV/TTUV W %cU+ , \ ]A Bs  II