🔒 КРИТИЧНО: Видалено паролі/API ключі з документів + закрито NodePort

- Видалено всі паролі та API ключі з документів - Замінено на посилання на Vault - Закрито NodePort для Memory Service (тільки internal) - Створено SECURITY-ROTATION-PLAN.md - Створено ARCHITECTURE-150-NODES.md (план для 150 нод) - Оновлено config.py (видалено hardcoded Cohere key)
2026-01-10 09:46:03 -08:00
parent f7bf935a21
commit 3478dfce5f
5 changed files with 370 additions and 17 deletions
--- a/docs/MEMORY-MODULE-STATUS.md
+++ b/docs/MEMORY-MODULE-STATUS.md
@@ -75,7 +75,7 @@ Pod: neo4j-76f9cbbd87-nphr5
 Namespace: neo4j
 HTTP: 7474 (internal), 30474 (NodePort)
 Bolt: 7687 (internal), 30687 (NodePort)
-Auth: neo4j/DaarionNeo4j2026!
+Auth: neo4j/*** (Vault: neo4j/credentials)
 Plugins: APOC
 ```

@@ -137,7 +137,7 @@ Container: neo4j-daarion
 Status: Running ✅
 HTTP: 7474
 Bolt: 7687
-Auth: neo4j/DaarionNeo4j2026!
+Auth: neo4j/*** (Vault: neo4j/credentials)
 Image: neo4j:5.15-community
 Plugins: APOC
 ```
@@ -204,7 +204,7 @@ Image: postgres:16-alpine
 Status: Running ✅
 Port: 5432
 Database: daarion_main
-Auth: postgres/DaarionPostgres2026!
+Auth: postgres/*** (Vault: postgres/credentials)
 Schema: Agent Memory Schema (9 tables)
 ```

@@ -224,7 +224,7 @@ Image: neo4j:5.15-community
 Status: Running ✅
 HTTP: 7474
 Bolt: 7687
-Auth: neo4j/DaarionNeo4j2026!
+Auth: neo4j/*** (Vault: neo4j/credentials)
 Plugins: APOC
 ```

@@ -363,22 +363,22 @@ URL: http://80.77.35.151:8188 (via SSH tunnel)
 |---------|----------|------|
 | PostgreSQL NODE1 | K8s (daarion ns) | Via Vault → External Secrets |
 | PostgreSQL NODE2 | Docker :5432 | postgres (local) |
-| PostgreSQL NODE3 | Docker :5432 | postgres/DaarionPostgres2026! |
-| Memory Service NODE1 | K8s :30800 | No auth (internal) |
-| Memory Service NODE2 | Docker :8001 | No auth |
-| Memory Service NODE3 | K8s :8000 | No auth (hostNetwork) |
+| PostgreSQL NODE3 | Docker :5432 | postgres/*** (Vault) |
+| Memory Service NODE1 | K8s :30800 | JWT/mTLS (TODO) |
+| Memory Service NODE2 | Docker :8001 | JWT/mTLS (TODO) |
+| Memory Service NODE3 | K8s :8000 | JWT/mTLS (TODO) |
 | ComfyUI NODE2 | macOS App :8000 | No auth |
 | ComfyUI NODE3 | :8188 | No auth (SSH tunnel) |
-| Qdrant NODE1 | K8s (qdrant ns) | No auth (internal) |
-| Qdrant NODE2 | Docker :6333 | No auth |
-| Qdrant NODE3 | Docker :6333 | No auth |
-| Neo4j NODE1 | K8s :30474/:30687 | neo4j/DaarionNeo4j2026! |
-| Neo4j NODE2 | Docker :7474/:7687 | neo4j/DaarionNeo4j2026! |
-| Neo4j NODE3 | Docker :7474/:7687 | neo4j/DaarionNeo4j2026! |
+| Qdrant NODE1 | K8s (qdrant ns) | API key (Vault) |
+| Qdrant NODE2 | Docker :6333 | API key (Vault) |
+| Qdrant NODE3 | Docker :6333 | API key (Vault) |
+| Neo4j NODE1 | K8s :30474/:30687 | neo4j/*** (Vault) |
+| Neo4j NODE2 | Docker :7474/:7687 | neo4j/*** (Vault) |
+| Neo4j NODE3 | Docker :7474/:7687 | neo4j/*** (Vault) |
 | Ollama NODE1 | localhost:11434 | No auth |
 | Ollama NODE2 | localhost:11434 | No auth |
 | Ollama NODE3 | localhost:11434 | SSH tunnel required |
-| Cohere API | Memory Service | nOdOXnuepLku2ipJWpe6acWgAsJCsDhMO0RnaEJB |
+| Cohere API | Memory Service | *** (Vault: cohere/api_key) |

 ---