vault: session notes 2026-07-10

This commit is contained in:
Jared Swanson 2026-07-10 11:23:18 -04:00
parent b663a3f3da
commit 56ca5dddf5
3 changed files with 32 additions and 2 deletions

View File

@ -149,3 +149,16 @@ tags: [scope/global, type/log]
**Reason:** other
**Vault notes touched:**
(none)
## Session — 2026-07-10T14:52:23Z
**Project:** /home/jared/dev/cc-os
**Reason:** prompt_input_exit
**Vault notes touched:**
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md

View File

@ -8,7 +8,7 @@ tags:
scope: global
source: ovh-prod Planka deploy, 2026-07-08
date: 2026-07-08
last_updated: 2026-07-08
last_updated: 2026-07-10
---
# Planka v2 API Gotchas (verified on v2.1.1)
@ -27,7 +27,13 @@ Directly relevant to the `backlog` CLI in `~/dev/ruby-gems` and any Planka autom
3. **Card move needs both fields.** `PATCH /api/cards/:id` requires **both** `listId`
and `position`; `listId` alone returns `E_MISSING_OR_INVALID_PARAMS`.
4. **Project delete is not cascading.** `DELETE /api/projects/:id` returns 422
`"Must not have boards"` — delete each board first.
`"Must not have boards"` — delete each board first. The web UI hits the same
constraint but **fails silently**: the project vanishes locally, then reappears on
reload with no error shown (confirmed 2026-07-10 on the personal-account project).
A non-manager attempting the delete gets a 404 (existence hidden, same as gotcha #6).
Escape hatch when no manager creds are at hand: insert a row into `project_manager`
directly in Postgres (`docker exec planka-postgres psql -U planka`), then delete
boards + project via the API as that user.
5. **Sails literal-alias routes.** Some delete routes embed a literal parameter-name
segment: card-label detach is `DELETE /api/cards/:cardId/card-labels/labelId::labelId`
(the path literally contains `labelId:` before the id). Normal REST-shaped guesses 404.

View File

@ -68,5 +68,16 @@ issue #6269):
- **`bw unlock --passwordfile` reads only the first line**, so a trailing newline from an
editor (nvim etc.) is harmless.
## bw CLI scripting gotchas (verified 2026-07-10, credvault backup script)
- **`bw unlock` alone does not unlock the vault for subsequent commands** — you must
capture the session token (`BW_SESSION=$(bw unlock --passwordfile f --raw)`) and export
it. Without it, later `bw export`/`bw list` run against a locked vault; with stderr
silenced this looks like a hang or a missing-output failure.
- **`bw config server` fails while logged in** ("Logout required before server config
update"), even when setting the identical URL. Idempotent scripts must compare
`bw config server` (no args prints current) and skip when it matches.
- **`bw login --apikey` errors if already logged in** — guard with `bw login --check`.
Rule of thumb: any "Bitwarden supports X" claim from bitwarden.com/help must be re-verified
against the deployed Vaultwarden version before it becomes a security assumption.