From 5e0d80daf9f1737d470f5ce07863982bb1bc85ee Mon Sep 17 00:00:00 2001
From: Azreen Jamal <azreenjamal@MacBook-Air-Azreen.local>
Date: Tue, 3 Mar 2026 03:01:54 +0800
Subject: [PATCH] add infra credentials setup (gitignored secrets, shared
 template)

---
 .claude/infra.md.example | 37 +++++++++++++++++++++++++++++++++++++
 .gitignore               |  1 +
 CLAUDE.md                |  5 +++++
 3 files changed, 43 insertions(+)
 create mode 100644 .claude/infra.md.example

diff --git a/.claude/infra.md.example b/.claude/infra.md.example
new file mode 100644
index 0000000..5074e11
--- /dev/null
+++ b/.claude/infra.md.example
@@ -0,0 +1,37 @@
+# Infrastructure Access — TEMPLATE
+# Copy to .claude/infra.md and fill in real values.
+# Share the real file via 1Password / Vault / `age` encrypted blob — NEVER commit it.
+
+## Dokploy
+- **Dashboard**: https://dokploy.example.com
+- **API Token**: `dkp_...`
+- **SSH User**: `deploy`
+- **SSH Host**: `dokploy.example.com`
+- **SSH Port**: `22`
+- **SSH Key Path**: `~/.ssh/id_dokploy`   ← or reference a 1Password SSH key
+
+## Servers
+| Name       | IP / Host              | SSH User | Notes          |
+|------------|------------------------|----------|----------------|
+| prod-1     | 10.0.0.1               | deploy   | primary node   |
+| staging-1  | 10.0.0.2               | deploy   | staging node   |
+
+## Docker Registry
+- **Registry**: `ghcr.io/your-org`
+- **Username**: `bot`
+- **Token**: `ghp_...`
+
+## DNS / Cloudflare
+- **API Token**: `cf_...`
+- **Zone ID**: `...`
+
+## Monitoring
+- **Grafana URL**: https://grafana.example.com
+- **API Key**: `eyJ...`
+
+## Database
+- **Prod Postgres**: `postgres://user:pass@host:5432/db`
+- **Staging Postgres**: `postgres://user:pass@host:5432/db_staging`
+
+## Other Secrets
+<!-- Add anything else Claude Code needs to manage your infra -->
diff --git a/.gitignore b/.gitignore
index 063aec0..01d2ea1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ __pycache__/
 
 # API keys — never commit real credentials
 .env
+.claude/infra.md
 
 .pi/agent-sessions/
 
diff --git a/CLAUDE.md b/CLAUDE.md
index 7f119f9..2f7de7a 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,5 +1,10 @@
 # Pi vs CC — Extension Playground
 
+## Infrastructure Access
+**Always read `.claude/infra.md` at the start of every session** — it contains live credentials and connection details.
+To set up: copy `.claude/infra.md.example` → `.claude/infra.md` and fill in real values.
+**Team distribution**: share the real file via 1Password shared vault (or `age`-encrypted blob, never git).
+
 Pi Coding Agent extension examples and experiments.
 
 ## Tooling