Modpol/agentic-govbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Document security and credential management in main docs

Browse Source 
Updated README.md:
- Added prominent security warning about config.yaml containing secrets
- Clarified that config.yaml is gitignored and never committed
- Added step-by-step Quick Start with security notes
- Added "Security Note" section listing protected files
- Added Documentation section linking to all guides including SECURITY.md
- Added note about API keys stored in ~/.llm/keys.json

Updated QUICKSTART.md:
- Added security warning box when copying config.yaml
- Explained that file contains secrets and is gitignored
- Added reference to SECURITY.md for complete guidance

Updated MASTODON_SETUP.md:
- Added prominent link to SECURITY.md at top of Security Considerations
- Clarified that credential files are gitignored
- Added note about *_clientcred.secret and *_usercred.secret files

All documentation now clearly explains:
- Where secrets go (config.yaml, ~/.llm/keys.json)
- What's protected by .gitignore
- Where to find complete security information (SECURITY.md)
- How to safely configure the bot

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Nathan Schneider
2026-02-06 17:26:43 -07:00
parent ff5ac21f68
commit 98eef7bf5c
3 changed files with 66 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
MASTODON_SETUP.md
View File

@@ -313,9 +313,12 @@ python -c "from src.govbot.db.models import init_db; init_db('govbot.db')"
## Security Considerations ## Security Considerations
**📖 See [SECURITY.md](SECURITY.md) for the complete security guide.**
### Credentials ### Credentials
- **Never commit** `config/config.yaml` to version control - **Never commit** `config/config.yaml` to version control (it's in `.gitignore`)
- **Never commit** `*_clientcred.secret` or `*_usercred.secret` files (also gitignored)
- Store credentials securely - Store credentials securely
- Use environment variables for production: - Use environment variables for production:
```bash ```bash

9
QUICKSTART.md
View File

@@ -32,11 +32,16 @@ pip install -e .
# Copy example config # Copy example config
cp config/config.example.yaml config/config.yaml cp config/config.example.yaml config/config.yaml
# Edit with your settings # Edit with your credentials and settings
# At minimum, update the AI model configuration
nano config/config.yaml nano config/config.yaml
``` ```
**⚠️ IMPORTANT - Security Notice**:
- `config/config.yaml` contains your secrets (API tokens, passwords)
- This file is automatically gitignored - it will NEVER be committed
- Never share this file or commit it to version control
- See [SECURITY.md](SECURITY.md) for complete security guidance
For local models with Ollama: For local models with Ollama:
```yaml ```yaml
ai: ai:

61
README.md
View File

@@ -65,13 +65,42 @@ uv pip install -e .
uv pip install -e ".[dev]" uv pip install -e ".[dev]"
``` ```
## Configuration ## Quick Start
1. Copy `config/config.example.yaml` to `config/config.yaml` ### 1. Install Dependencies (above)
2. Edit with your settings:
- Mastodon instance URL and credentials ### 2. Configure (Credentials Required)
- AI model preferences (local/cloud)
- Path to your constitution file ```bash
# Copy the template
cp config/config.example.yaml config/config.yaml
# Edit with your credentials
nano config/config.yaml
```
**⚠️ IMPORTANT**: `config/config.yaml` contains your secrets and is automatically ignored by git. Never commit this file.
Configure:
- Platform credentials (Mastodon access tokens, Discord bot tokens, etc.)
- AI model settings (Ollama local models or cloud API keys)
- Constitution path and database location
For detailed setup instructions:
- **Mastodon**: See [MASTODON_SETUP.md](MASTODON_SETUP.md)
- **Security**: See [SECURITY.md](SECURITY.md) for credential management
### 3. Set AI API Keys (if using cloud models)
```bash
# For OpenAI
llm keys set openai
# For Anthropic Claude
llm keys set anthropic
```
These are stored securely in `~/.llm/keys.json` (also gitignored)
## Usage ## Usage
@@ -94,6 +123,24 @@ Your constitution should be a markdown file that describes:
See `constitution.md` for an example based on Social.coop's bylaws. See `constitution.md` for an example based on Social.coop's bylaws.
## Documentation
- **[QUICKSTART.md](QUICKSTART.md)** - Get started quickly with CLI testing
- **[MASTODON_SETUP.md](MASTODON_SETUP.md)** - Complete Mastodon deployment guide
- **[PLATFORMS.md](PLATFORMS.md)** - Guide for implementing new platform adapters
- **[SECURITY.md](SECURITY.md)** - Credential management and security best practices
- **[constitution.md](constitution.md)** - Example governance constitution
## Security Note
**Never commit these files** (already in `.gitignore`):
- `config/config.yaml` - Contains your credentials
- `govbot.db` - Your governance database
- `.env` files - Environment variables
- `*.token`, `*.key`, `*.secret` files
See [SECURITY.md](SECURITY.md) for complete security guide.
## Development Status ## Development Status
This is early-stage software. Current phase: Core infrastructure and agentic reasoning engine. This is early-stage software. Current phase: Core infrastructure and agentic reasoning engine.
@@ -105,3 +152,5 @@ This is early-stage software. Current phase: Core infrastructure and agentic rea
## Contributing ## Contributing
This project is in early development. Contributions and feedback welcome! This project is in early development. Contributions and feedback welcome!
**For platform developers**: See [PLATFORMS.md](PLATFORMS.md) to add support for Discord, Telegram, Matrix, or other platforms.