From 81a6d18c1ddad1b1336cf1a6b1beb2fd708e5169 Mon Sep 17 00:00:00 2001
From: Cobb Hayes
Date: Wed, 27 May 2026 09:17:22 -0700
Subject: [PATCH] Rotate AdaMaps ingest+read keys (env-required, no inline default)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previous values (adamaps-ingest-2026, adamaps-read-2026, mapnet-ingest-2026) were inline defaults across adamaps + adacam-api + varroa. The ingest key was briefly anon-visible during the 2026-05-27 Forgejo public-flip when adacam-api + varroa were public for a short window before the leak was spotted. New values live in Vaultwarden:
- AdaMaps — API_KEY (ingest)
- AdaMaps — READ_KEY
Validators now hard-fail at boot if the env var is missing. Service is on hold today; when it resumes, both env vars must be set.
---
 README.md | 2 +-
 adacam_api/config.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 413c7c7..6770372 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Config file: `/data/adacam/config.json`
 ```json
 {
 "device_id": "auto-generated UUID",
- "adamaps_key": "adamaps-ingest-2026",
+ "adamaps_key": "",
 "adamaps_api": "https://api.adamaps.org",
 "ap_interface": "wlp1s0f0",
 "tunnel_host": "",
diff --git a/adacam_api/config.py b/adacam_api/config.py
index b425e69..2898690 100644
--- a/adacam_api/config.py
+++ b/adacam_api/config.py
@@ -8,7 +8,7 @@ FIRMWARE_VERSION = "adacam-1.0.0"
 _defaults = {
 "device_id": None,
- "adamaps_key": "adamaps-ingest-2026",
+ "adamaps_key": "",
 "adamaps_api": "https://api.adamaps.org",
 "ap_interface": "wlp1s0f0",
 "tunnel_host": "",
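Review bot: The new `"adamaps_key": ""` default in `_defaults` (adacam_api/config.py) is an empty string that nothing in this hunk rejects, so a device without a configured key would presumably start up and send an empty credential instead of failing. The commit message says validators hard-fail at boot when the env var is missing, but no such check is visible in adacam_api here; if it exists only on the service side, add one where this config is loaded, along the lines of `if not config["adamaps_key"]: raise RuntimeError("adamaps_key is not set")` (the loader is not shown in this hunk, so the name is illustrative). Using `None` as the default, like `device_id` on the line above, would also make the unset state harder to mistake for a real value. The `_defaults` dict continues past the end of the hunk. The old values stay readable in history and in this commit message, so they need to be revoked on the server rather than only removed from the defaults.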