# Operator Credentials and Secrets — Checklist **Purpose:** Before running Operator/LAN tasks, confirm you have the required credentials and access. **Does Operator/LAN have all necessary creds?** Use this checklist; if any row is **No**, obtain or set that credential before running the task. **Where to set:** Unless noted, use `smom-dbis-138/.env` (gitignored). Copy from `smom-dbis-138/.env.example` or see [REMAINING_WORK_DETAILED_STEPS](REMAINING_WORK_DETAILED_STEPS.md) for per-step blockers. **Operator scripts load dotenv automatically:** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) and [run-operator-tasks-from-lan.sh](../../scripts/run-operator-tasks-from-lan.sh) source `scripts/lib/load-project-env.sh`, which loads repo root `.env` and `smom-dbis-138/.env`. No need to `source .env` before running. --- ## Required credentials (summary) | Credential / access | Used for | Where to set / get | |--------------------|----------|---------------------| | **LAN (192.168.11.x)** | NPMplus API, RPC, Blockscout, Proxmox | Be on same network or VPN | | **PRIVATE_KEY** (64-char hex, no 0x) | Chain 138 deploy, bridge send, any `forge script --broadcast` | `smom-dbis-138/.env` | | **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` | | **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI | | **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host | | **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge | | **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 | | **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env | | **ADD_LIQUIDITY_* amounts + token balance** | Add liquidity to PMM pools | Deployer holds cUSDT/cUSDC/USDT/USDC; set in .env or runbook | --- ## Per-task requirements (Operator/LAN) | Task | LAN | PRIVATE_KEY | NPM_PASSWORD | RPC_URL_138 | SSH Proxmox | Other | |------|-----|-------------|--------------|-------------|-------------|--------| | Full deployment order (Phase 0–6) | Yes | Yes | — | Yes | Optional | Gas on 138; per-phase env (see runbook) | | Add liquidity (PMM pools) | Yes | Yes | — | Yes | — | Token balance; ADD_LIQUIDITY_BASE_AMOUNT, ADD_LIQUIDITY_QUOTE_AMOUNT | | run-all-operator-tasks-from-lan (backup + verify) | Yes | — | Yes (backup) | Yes (verify) | Optional | Blockscout reachable | | run-all-operator-tasks-from-lan --deploy | Yes | Yes | Yes | Yes | Optional | Gas on 138 | | E2E 502 fix (address-all-remaining-502s) | Yes | — | Yes (NPMplus proxy update) | — | Yes (Besu fix) | Proxmox reachable | | Blockscout verification only | Yes | — | — | Yes | — | Host can reach explorer.d-bis.org | | Gnosis / Celo / Wemix CCIP bridges | Yes | Yes | — | Yes + per-chain RPC | — | Per-chain gas (xDAI, CELO, WEMIX); CCIP router/LINK addresses in .env | | LINK support on Mainnet relay | Yes | Yes (if deploy) | — | Yes | Yes (restart relay) | Mainnet RPC; LINK on mainnet if funding relay | | sendCrossChain (real) | Yes | Yes | — | Yes | — | LINK approved for bridge; recipient address | | NPMplus backup | Yes | — | Yes | — | — | NPMplus API reachable | | NPMplus RPC proxy fix (405) | Yes | — | Yes | — | — | — | | Token-aggregation DB + migrations | Yes | — | — | — | Yes | PostgreSQL on VMID 5000 or same host; DATABASE_URL | | Explorer Wallet link (edit nav) | — | — | — | — | Yes (to explorer VM) | SSH to VMID 5000 or host serving explorer | | E2E flow waves E1–E7 | Yes | Yes (if deploy/fund) | Yes (if NPM) | Yes | Optional | Depends on wave; see TASKS_TO_INCREASE_ALL_E2E_FLOWS | **—** = not required for that task. --- ## Quick verification (do you have them?) ```bash # From repo root, with smom-dbis-138/.env present: source smom-dbis-138/.env 2>/dev/null echo "PRIVATE_KEY set: $( [ -n "$PRIVATE_KEY" ] && echo yes || echo no )" echo "NPM_PASSWORD set: $( [ -n "$NPM_PASSWORD" ] && echo yes || echo no )" echo "RPC_URL_138 set: $( [ -n "$RPC_URL_138" ] && echo yes || echo no )" # LAN: ping or curl from your machine to 192.168.11.211:8545 (or your RPC host) # SSH: ssh root@192.168.11.10 (or your Proxmox host) echo ok ``` --- ## References - **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) - **LAN + secrets steps:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) - **Wave 0 (sendCrossChain, backup):** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2, W0-3 - **Remaining summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md)