Provision auth key sets for VPS-backed e2e

2026-03-31 14:49:06 +00:00 · 2026-03-23 03:00:32 +00:00
parent cb6ccd5394
commit b001d627e1
3 changed files with 19 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -83,12 +83,23 @@ Recommended env for VPS-backed runs:
 ```bash
 OPENBRAIN_E2E_REMOTE=true
 OPENBRAIN_E2E_BASE_URL=https://ob.ingwaz.work
-OPENBRAIN_E2E_API_KEY=your_live_api_key
+OPENBRAIN_E2E_API_KEY=your_ci_e2e_key
 OPENBRAIN__AUTH__ENABLED=true
 ```

 The CI workflow uses this remote mode after `main` deploys so e2e coverage validates the VPS deployment rather than the local runner host.

+For live deployments, prefer a dedicated key set rather than reusing one API key everywhere. The server already accepts a comma-separated key list via `OPENBRAIN__AUTH__API_KEYS`, so a practical split is:
+
+- `prod_live_key` for normal agent traffic
+- `ci_e2e_key` for post-deploy CI verification
+- `smoke_test_key` for ad hoc diagnostics
+
+In Gitea Actions, that means:
+
+- repo secret `OPENBRAIN__AUTH__API_KEYS=prod_live_key,ci_e2e_key,smoke_test_key`
+- repo secret `OPENBRAIN_E2E_API_KEY=ci_e2e_key`
+
 ## Agent Zero Developer Prompt

 For Agent Zero / A0, add the following section to the Developer agent role