Skip to content

thecompanyco01/vega-academy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security Notes (Credentials Hygiene)

This repo intentionally supports local operations via .env.local (gitignored). Do not commit secrets or service-account keys.

Google Search Console (GSC) service-account key migration/rotation plan

Objective: reduce risk from keeping a GSC service-account JSON key inside the repo (even if gitignored).

1) Migrate key storage outside the repo (human steps)

  1. Choose a location outside the repo, e.g.:
    • ~/.config/fractionalcfoschool/credentials/gsc-service-account.json
  2. Create the folder and move the key:
    • mkdir -p ~/.config/fractionalcfoschool/credentials
    • mv ./.gcloud-service-account.json ~/.config/fractionalcfoschool/credentials/gsc-service-account.json
  3. Lock down file permissions:
    • chmod 600 ~/.config/fractionalcfoschool/credentials/gsc-service-account.json
  4. Update .env.local to point GOOGLE_APPLICATION_CREDENTIALS at the new absolute path.
  5. Ensure the old key file is removed from the repo working tree and never committed:
    • If it was ever committed, remove it from git history and rotate immediately.

2) Rotate the key in GCP (human steps)

  1. In Google Cloud Console: IAM & Admin → Service Accounts → select the service account → Keys.
  2. Create a new key (JSON) and download it to the external location above.
  3. Update local .env.local to point to the new key path.
  4. Run python3 scripts/company_snapshot.py --section seo and confirm GSC data is present (no gsc_error).
  5. After verification, delete/disable the old key in the Console.

3) Recommended long-term direction (optional)

Prefer keyless auth for production workloads (e.g. Workload Identity / short-lived credentials) or store keys only in a secret manager and mount them at runtime. Keep this repo key-free.

About

Vega Academy — Online courses helping bookkeepers transition to advisory & fractional CFO services

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages