Secrets and Credentials
This document lists all secrets required for deployment. Never commit actual values to git.
Related: Takopi | Quartz | Cloudflare
Required Secrets
Telegram (for Takopi)
| Secret | How to get | Where to use |
|---|---|---|
| TELEGRAM_BOT_TOKEN | @BotFather → /newbot | ~/.takopi/takopi.toml → bot_token |
| TELEGRAM_CHAT_ID | API or @userinfobot | ~/.takopi/takopi.toml → chat_id |
| TELEGRAM_USER_IDS | @userinfobot | ~/.takopi/takopi.toml → allowed_user_ids |
Cloudflare (for Quartz deployment)
| Secret | How to get | Where to use |
|---|---|---|
| CLOUDFLARE_API_TOKEN | API Tokens | Environment variable or CLI |
| CLOUDFLARE_ACCOUNT_ID | Dashboard URL | Reference only |
Required token permissions:
- Account > Cloudflare Pages > Edit
- Account > Account Settings > Read
- User > User Details > Read
GitHub (for git push)
| Secret | How to get | Where to use |
|---|---|---|
| SSH Private Key | ssh-keygen -t ed25519 | ~/.ssh/github_* |
| SSH Public Key | Generated with private | GitHub repo → Deploy Keys |
Claude (for Claude Code)
| Secret | How to get | Where to use |
|---|---|---|
| OAuth Token | claude login (browser OAuth) | ~/.claude/.credentials.json |
Note: Uses Claude Max subscription via OAuth, not API key.
Google Calendar (Service Account)
| Secret | How to get | Where to use |
|---|---|---|
| Service Account JSON Key | Google Cloud Console → Create Service Account | ~/.takopi/credentials/google-calendar-service-account.json |
Current setup:
- Project: calendar-mcp-487708
- Service account: calendar-mcp@calendar-mcp-487708.iam.gserviceaccount.com
- Calendar access: ccherya@gmail.com (read/write)
- Permissions: File mode 600 (owner read only)
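The owner-only file mode noted above matters just as much for the other credential files this page lists. As an added example (not part of the original document), the shell function below flags any of them that group or other users can access; the function names and the `LOOSE` output format are assumptions of the example.

```shell
# Added example: audit the credential files named in the "Where to use"
# columns of this page. Function names and output format are assumptions.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
  stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_secrets [base_dir]   (base_dir defaults to $HOME)
# Prints "LOOSE <mode> <path>" for each secret file with any group/other
# permission bit set. Returns 0 when all present files are owner-only,
# 1 otherwise. Files that do not exist on this host are skipped.
# The body is a subshell so its variables stay local in plain POSIX sh.
audit_secrets() (
  base="${1:-$HOME}"
  bad=0
  for path in \
    "$base/.takopi/takopi.toml" \
    "$base/.claude/.credentials.json" \
    "$base/.takopi/credentials/google-calendar-service-account.json" \
    "$base"/.ssh/github_*
  do
    case "$path" in
      *.pub) continue ;;          # public key halves are not secret
    esac
    [ -f "$path" ] || continue    # absent, or the glob matched nothing
    mode=$(file_mode "$path")
    case "$mode" in
      0|*00) ;;                   # group and other digits are both 0
      *)
        echo "LOOSE $mode $path"
        bad=1
        ;;
    esac
  done
  exit "$bad"
)

# Usage after sourcing this file:  audit_secrets   or   audit_secrets /home/deploy
```

A non-zero return makes the function usable as a gate in a deployment script, for example before starting the bot.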
Backup Strategy
Store these securely (not in git):
- Password manager (1Password, Bitwarden)
- Encrypted file on secure storage
- Environment variables on server
Quick Backup Command
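```bash
# Create encrypted backup of secrets
umask 077  # files created below are owner-only; /tmp is shared with other users
cat > /tmp/secrets.txt << 'EOF'
TELEGRAM_BOT_TOKEN=xxx
TELEGRAM_CHAT_ID=xxx
CLOUDFLARE_API_TOKEN=xxx
CLOUDFLARE_ACCOUNT_ID=xxx
EOF
gpg -c /tmp/secrets.txt  # Symmetric (passphrase) encryption; creates /tmp/secrets.txt.gpg
rm /tmp/secrets.txt
# Store secrets.txt.gpg securely
```
Restore
```bash
umask 077  # keep the decrypted file owner-only while it exists
gpg -d secrets.txt.gpg > /tmp/secrets.txt
source /tmp/secrets.txt
rm /tmp/secrets.txt
```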