vault: session notes 2026-07-10
This commit is contained in:
parent
b663a3f3da
commit
56ca5dddf5
|
|
@ -149,3 +149,16 @@ tags: [scope/global, type/log]
|
||||||
**Reason:** other
|
**Reason:** other
|
||||||
**Vault notes touched:**
|
**Vault notes touched:**
|
||||||
(none)
|
(none)
|
||||||
|
|
||||||
|
## Session — 2026-07-10T14:52:23Z
|
||||||
|
|
||||||
|
**Project:** /home/jared/dev/cc-os
|
||||||
|
**Reason:** prompt_input_exit
|
||||||
|
**Vault notes touched:**
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/vault-backlog-pilot-plan.md
|
||||||
|
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ tags:
|
||||||
scope: global
|
scope: global
|
||||||
source: ovh-prod Planka deploy, 2026-07-08
|
source: ovh-prod Planka deploy, 2026-07-08
|
||||||
date: 2026-07-08
|
date: 2026-07-08
|
||||||
last_updated: 2026-07-08
|
last_updated: 2026-07-10
|
||||||
---
|
---
|
||||||
|
|
||||||
# Planka v2 API Gotchas (verified on v2.1.1)
|
# Planka v2 API Gotchas (verified on v2.1.1)
|
||||||
|
|
@ -27,7 +27,13 @@ Directly relevant to the `backlog` CLI in `~/dev/ruby-gems` and any Planka autom
|
||||||
3. **Card move needs both fields.** `PATCH /api/cards/:id` requires **both** `listId`
|
3. **Card move needs both fields.** `PATCH /api/cards/:id` requires **both** `listId`
|
||||||
and `position`; `listId` alone returns `E_MISSING_OR_INVALID_PARAMS`.
|
and `position`; `listId` alone returns `E_MISSING_OR_INVALID_PARAMS`.
|
||||||
4. **Project delete is not cascading.** `DELETE /api/projects/:id` returns 422
|
4. **Project delete is not cascading.** `DELETE /api/projects/:id` returns 422
|
||||||
`"Must not have boards"` — delete each board first.
|
`"Must not have boards"` — delete each board first. The web UI hits the same
|
||||||
|
constraint but **fails silently**: the project vanishes locally, then reappears on
|
||||||
|
reload with no error shown (confirmed 2026-07-10 on the personal-account project).
|
||||||
|
A non-manager attempting the delete gets a 404 (existence hidden, same as gotcha #6).
|
||||||
|
Escape hatch when no manager creds are at hand: insert a row into `project_manager`
|
||||||
|
directly in Postgres (`docker exec planka-postgres psql -U planka`), then delete
|
||||||
|
boards + project via the API as that user.
|
||||||
5. **Sails literal-alias routes.** Some delete routes embed a literal parameter-name
|
5. **Sails literal-alias routes.** Some delete routes embed a literal parameter-name
|
||||||
segment: card-label detach is `DELETE /api/cards/:cardId/card-labels/labelId::labelId`
|
segment: card-label detach is `DELETE /api/cards/:cardId/card-labels/labelId::labelId`
|
||||||
(the path literally contains `labelId:` before the id). Normal REST-shaped guesses 404.
|
(the path literally contains `labelId:` before the id). Normal REST-shaped guesses 404.
|
||||||
|
|
|
||||||
|
|
@ -68,5 +68,16 @@ issue #6269):
|
||||||
- **`bw unlock --passwordfile` reads only the first line**, so a trailing newline from an
|
- **`bw unlock --passwordfile` reads only the first line**, so a trailing newline from an
|
||||||
editor (nvim etc.) is harmless.
|
editor (nvim etc.) is harmless.
|
||||||
|
|
||||||
|
## bw CLI scripting gotchas (verified 2026-07-10, credvault backup script)
|
||||||
|
|
||||||
|
- **`bw unlock` alone does not unlock the vault for subsequent commands** — you must
|
||||||
|
capture the session token (`BW_SESSION=$(bw unlock --passwordfile f --raw)`) and export
|
||||||
|
it. Without it, later `bw export`/`bw list` run against a locked vault; with stderr
|
||||||
|
silenced this looks like a hang or a missing-output failure.
|
||||||
|
- **`bw config server` fails while logged in** ("Logout required before server config
|
||||||
|
update"), even when setting the identical URL. Idempotent scripts must compare
|
||||||
|
`bw config server` (no args prints current) and skip when it matches.
|
||||||
|
- **`bw login --apikey` errors if already logged in** — guard with `bw login --check`.
|
||||||
|
|
||||||
Rule of thumb: any "Bitwarden supports X" claim from bitwarden.com/help must be re-verified
|
Rule of thumb: any "Bitwarden supports X" claim from bitwarden.com/help must be re-verified
|
||||||
against the deployed Vaultwarden version before it becomes a security assumption.
|
against the deployed Vaultwarden version before it becomes a security assumption.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue