#!/usr/bin/env bash set -euo pipefail TARGET_HOST="${TARGET_HOST:-mevnode}" TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}" SNAPSHOT_DIR="${SNAPSHOT_DIR:-$HOME/.local/share/trade-bootstrap/sol/trade-r001-canary-secrets}" SECRETS=( gitea-registry trade-api trade-basic-auth trade-dlob-rpc trade-frontend-tokens trade-hasura trade-ingestor-tokens trade-postgres ) ssh_target() { ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@" } install -d -m 700 "$SNAPSHOT_DIR" for secret_name in "${SECRETS[@]}"; do ssh_target "sudo k3s kubectl -n ${TARGET_NAMESPACE} get secret ${secret_name} -o json" \ > "${SNAPSHOT_DIR}/${secret_name}.json" chmod 600 "${SNAPSHOT_DIR}/${secret_name}.json" echo "Snapshotted ${secret_name} to ${SNAPSHOT_DIR}/${secret_name}.json" done echo "Secret snapshot ready at ${SNAPSHOT_DIR}"