W՞ildZddlmZddlZddlZddlZddlZdZdZhdZ d dZ ddZ dd Z dd Z ddd Zed k(reyy)u scripts/migrate_secrets.py Migrate secrets from config/secrets.env to Infisical. Usage: python3 scripts/migrate_secrets.py --dry-run # Preview — no API calls python3 scripts/migrate_secrets.py --execute # Upload to Infisical Side-effects (always, regardless of mode): Writes config/secrets.env.template with placeholder values so the plaintext file can safely be removed or gitignored. Environment variables required for --execute: INFISICAL_TOKEN — Universal Auth client secret INFISICAL_PROJECT_ID — Infisical project UUID # VERIFICATION_STAMP # Story: M1.03 — scripts/migrate_secrets.py # Verified By: parallel-builder # Verified At: 2026-02-25 # Tests: 16/16 # Coverage: 100% ) annotationsNz(/mnt/e/genesis-system/config/secrets.envz1/mnt/e/genesis-system/config/secrets.env.template> N8N_API_KEYGEMINI_API_KEYGOOGLE_API_KEYTELNYX_API_KEYANTHROPIC_API_KEYOPENROUTER_API_KEYGENESIS_PG_PASSWORDVAPI_PUBLIC_API_KEYVAPI_PRIVATE_API_KEYCLAUDE_GENESIS_API_KEYGENESIS_QDRANT_API_KEYGENESIS_REDIS_PASSWORDNEW_GENESIS_GEMINI_API_KEYELEVENLABS_AGILEADAPT_API_KEYcti}t|dd5}|D]}|j}|r|jdr'tjd|}|s@|j d}|j d}t |dk\r|d|d k(r |dd vr|dd }|||< d d d |S#1swY|SxYw) uQ Parse a .env file into a ``{key: value}`` dict. Rules: - Lines starting with ``#`` are comments → skipped - Blank lines → skipped - Values may be bare, single-quoted, or double-quoted - Inline comments (``KEY=VALUE # comment``) are NOT stripped (preserves values that legitimately contain ``#``) rutf-8encoding#z^([A-Za-z_][A-Za-z0-9_]*)=(.*)$r)"'N)openstrip startswithrematchgrouplen)pathsecretsfhraw_lineliner!key raw_values 0/mnt/e/genesis-system/scripts/migrate_secrets.pyparse_env_filer,9s!G dC' *)b )H>>#D4??3/HH?FEkk!n!KKN  Na'!! " 5!! 2 )!BI(  ))" N#)" NsAB-AB--B7c >gd}t|jD]7}|j|d|jj ddd9t |dd5}|j d j|d zd d d y #1swYy xYw) z.Write a .env.template with placeholder values.)z# Genesis Secrets Templatez.# Copy to secrets.env and fill in real values.z[# Production secret management: use Infisical (set INFISICAL_TOKEN + INFISICAL_PROJECT_ID).z.# NEVER commit secrets.env to version control.z=wrr N)sortedkeysappendlowerreplacerwritejoin)r% output_pathlinesr)r&s r+generate_templater<]s Eglln%K uGCIIK$7$7S$A#B&IJK k3 1*R 5!D()***s &$BBcD|tvryt|dkDr|dddzS|S)z0Return a display-safe representation of *value*.z***REDACTED*** Nz...)_HIGH_SENSITIVITYr#)r)values r+_preview_valuerBps/  5zBRay5  Lc l ddlm}t jjd}t jjd}|s tdt j d|s td t j dtd |d d }|jjj||d}d}|jD]8\}} |jj|||dtd||dz }:td|d|dt!|d|rt j dyy#t$r/tdtdt j dY~wxYw#t$r } td|d| |dz }Yd} ~ d} ~ wwxYw)zE  E   ]   T "D 77>>, ' / ~>?  \*G GCL> ~ >?g}-  01 || AB',,.) DC Bse3~c73<@AB C D #g,'VWX rC__main__)r$strreturndict[str, str])r%r~r:r|r}None)r)r|rAr|r}r|)r%r~r}r)N)rwzlist[str] | Noner}r)ro __future__rrlrUr rSrtrur@r,r<rBrcrz__name__rCr+rs].# 9 C ,H *&(^&!R zFrC