Reference - Credential Locations

Field	Value
Audience	Administrator
Vault	`https://vault.pittsfamily.me`
Agent account	`[email protected]`
Rule	Reference item names and fields only. Never paste passwords, tokens, API keys, or private keys.
Last verified	2026-06-12

Area	Vaultwarden item
Policy	`Broker Policy - Agent Scope Map`
Cloudflare	`Cloudflare - Global API Token - pittsfamily.me`
Cloudflare	`Cloudflare - API Token - NPM DNS`
Cloudflare	`Cloudflare - Tunnel Token - pittsfamily.me`
Cloudflare	`Clouflare - Zero Trust & DNS Token - pittsfamily.me`
Enphase	`Enphase - Account - Homeowner`
Home Assistant	`HA Token - AI Agent Admin`
Home Assistant	`HA Token - AI Agent Read Only`
Immich	`Immich - DB Credentials - Mnemosyne Staged`
MCP	`MCP Token - Agent-HA - Local Only`
MCP	`MCP Token - Broker Admin - Break Glass`
MCP	`MCP Token - Claude Code - MacBook`
MCP	`MCP Token - Codex - MacBook`
Mnemosyne	`Mnemosyne - SMB Account - Scanner`
Mnemosyne	`Mnemosyne - Secrets Bundle - Claude SSH & TrueNAS API`
VPN/torrent	`Mullvad - WireGuard Config - vpn-torrent`
NPM	`Nginx Proxy Manager - Account - Claude`
Pi-hole	`Pi-hole - Account - Admin`
Resend	`Resend - API Key - Home Assistant Email`
Roomba	`Roomba - Device Secret - Kanga Upstairs`
Roomba	`Roomba - Device Secret - Roo Living Room`
SSH	`SSH Key - Agent Admin`
SSH	`SSH Key - Cortex - sysadmin`
SSH	`SSH Key - HAOS - root`
SSH	`SSH Key - Mnemosyne - Claude`
SSH	`SSH Key - Proxmox1 - root`
SSH	`SSH Key - Proxmox2 - root`
TrueNAS	`TrueNAS - Account - Stephanie`
TrueNAS	`TrueNAS - Account - Zahe`
UniFi	`UniFi - AI-Agent Admin Local Login - Router`
UniFi	`UniFi - API Key - Router`
UniFi	`UniFi - WiFi PSK - Pitts IoT`
Vaultwarden	`Vaultwarden - Account - Claude`
Vaultwarden	`Vaultwarden - Admin Token - Server Admin`
Wiki.js	`Wiki.js - Account + API Key - Admin`

Issue	Impact	Action
Some item names still use old hyphen style or typos	Search may be inconsistent	Rename during a dedicated cleanup, not during emergency work.
`Archive` is human-only by default	Agents should not use archived credentials	Get explicit approval for any exception.
Credential values must never appear in docs	Secret leak risk	Use item names only.

¶ Reference - Credential Locations