Skip to content

Secrets & access

No credential ever goes in a committed file, a chat log, or this wiki. If you’re about to paste a password, an API key, or a token somewhere — stop and check this page.

Kind of secretWhere it belongs
Dashboard integrations (SMS providers, Google Ads, Plaid, Stripe)Encrypted in the dashboard DB — edit via Admin → Integrations & API Keys
Server-level config (DB password, app key)The server’s .env file only
Site lead-delivery keys (Resend, Podium)Cloudflare Pages env vars, per project — remember: env-var changes need a redeploy to take effect
Anything a repo needs locallyA gitignored CLAUDE.local.md in that repo (auto-loads for Claude, never committed)

The committed CLAUDE.md in each repo = operational rules only, never credentials. That split means the safe half is in git and the sensitive half never leaves the machine/server.

  • Wiki: viewing should be gated with Cloudflare Access (email-based login) once live — it’s an internal manual. Editing requires a GitHub account with access to the bcb-wiki repo.
  • Dashboard: role-based — super_admin / admin / dispatch / finance. Give people the lowest role that does their job (dispatchers get dispatch, bookkeeping gets finance). Only a super_admin can grant elevated roles. See the roles table.
  • GitHub: repos are private under OwnerOperated. Collaborators get added per-repo.
  • Dashboard webhook signature errors → re-paste the signing secret in Admin → Integrations & API Keys.
  • Podium tokens are per Cloudflare Pages project — when rotating, update every site project and redeploy each one (env vars bind only on a new deployment).
  • If Google Ads metrics stop pulling, the OAuth refresh token likely expired — regenerate and re-save in Integrations.