Create Extract Secrets Script

[Morriz]

Objective

Create script to extract secrets from db.yml for migration to secrets/.

Prerequisites

None (script only, doesn't execute extraction)

Implementation Steps

See todos/IMPLEMENTATION.md lines 669-773 for complete script implementation.

Create bin/extract-secrets.py:

• Detect secret values using heuristics (keywords, patterns)
• Extract from db.yml plugins and project env vars
• Write to secrets/global.txt with deduplication notes
• Provide clear next steps for manual review

Success Criteria

• bin/extract-secrets.py created
• Script is executable
• Includes detection logic for secrets
• Outputs to secrets/global.txt with helpful comments

Estimated Time

1-2 hours

[Morriz]

@claude implement this

[claude]

Claude finished @Morriz's task —— View job • claude/issue-5-20251024-1645 • Create PR ➔

---

Completed Issue #5: Create Extract Secrets Script

Summary

Successfully created bin/extract-secrets.py script for extracting secrets from db.yml to secrets/ directory.

What was implemented

• Created bin/extract-secrets.py with comprehensive secret detection logic
• Script is executable (mode 755)
• Includes detection heuristics using keywords and patterns
• Outputs to secrets/global.txt with helpful comments
• Committed and pushed to branch

Implementation details

The script includes:

• Secret detection heuristics: Keywords (password, secret, key, token, api, auth, smtp, etc.) and patterns (long random strings, JWT/API key prefixes)
• Recursive extraction: Extracts from both plugins and projects[].env sections in db.yml
• Clear output: Writes to secrets/global.txt with comments and deduplication notes
• Next steps guidance: Provides clear instructions for manual review and SOPS encryption

Testing notes

• Script follows existing patterns from bin/backup.py and other scripts in the repository
• Uses standard shebang (#!/usr/bin/env python3)
• Includes helpful error messages and next steps for users

Branch & PR

• Branch: claude/issue-5-20251024-1645

---

| Branch