vaultsovereign/vm-cloud
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
54f34ea2ce40a1b6812b3e1354f61149cd158262
vm-cloud/README.md
Vault Sovereign 54f34ea2ce upgrade to v0.2.0 vaultmesh artifact
2025-12-26 21:07:28 +00:00

1.5 KiB
Raw Blame History

vm-cloud

Hetzner Cloud operator CLI (vmc) with audit-ready receipts, plan/apply safety, and a tamper-evident local ledger.

Quick start

  1. Install deps
npm install
  1. Configure Hetzner token

Create ~/.env (recommended) or a project .env with:

HCLOUD_TOKEN=xxx
  1. Run
# dev (runs TS directly)
npm run dev -- --help

# or
./bin/vmc --help

Commands

Read-only

vmc servers list
vmc snapshot servers
vmc research new "Hetzner Baseline YYYY-MM-DD"
vmc research append --from outputs/hetzner/servers-*.json

Mutations (safe)

All mutations:

  • resolve server by id/name (exact first, partial only when unambiguous)
  • require confirmation (or --yes)
  • write a receipt to outputs/receipts/
  • acquire a per-server lock (~/.cache/vm-cloud/locks/<id>.lock) to prevent concurrent ops

Plan (dry-run)

vmc servers labels <name|id> env=prod owner=ops --dry-run
# => outputs/plans/plan-*.json with SHA256+BLAKE3

Apply

vmc apply --plan outputs/plans/plan-*.json --yes --reason "change ticket / intent"

Ledger + verification

vmc verify receipt outputs/receipts/<file>.json --head --plan --sig
vmc verify chain --head --sig

Signing

vmc keygen
vmc sign receipt outputs/receipts/<file>.json

Merkle receipts

vmc merkle receipts
# => outputs/ledger/merkle-*.json (root over receipt blake3 chain)

Safety notes

  • Never commit .env or outputs/ or node_modules/ (see .gitignore).
  • Rotate any leaked tokens immediately.
Reference in New Issue View Git Blame Copy Permalink