# 密钥位置索引（不含明文）

更新时间：2026-05-16T15:48:37+0800

> 本文件只记录 key 应该写在哪里，以及哪些变量名代表哪些能力；不记录任何明文值。

## Hermes 本地 `.env`

| profile | .env path | MX_AI_API_KEY | MX_AI_API_KEY_2 | MX_AI_API_KEYS | LIBTV_ACCESS_KEY | NAS_SMB_PASSWORD | OPENAI_API_KEY | OPENROUTER_API_KEY | FEISHU_APP_ID | FEISHU_APP_SECRET |
|---|---|---|---|---|---|---|---|---|---|---|
| `default` | `/Users/bot1/.hermes/.env` | present | present | present | present | missing | missing | missing | present | present |
| `designer1` | `/Users/bot1/.hermes/profiles/designer1/.env` | present | present | present | present | missing | missing | missing | present | present |
| `designer2` | `/Users/bot1/.hermes/profiles/designer2/.env` | present | present | present | present | missing | missing | missing | present | present |
| `designer3` | `/Users/bot1/.hermes/profiles/designer3/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `finance` | `/Users/bot1/.hermes/profiles/finance/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `hr` | `/Users/bot1/.hermes/profiles/hr/.env` | missing | missing | missing | missing | missing | missing | missing | present | present |
| `it` | `/Users/bot1/.hermes/profiles/it/.env` | present | present | present | missing | missing | missing | missing | present | present |
| `legal` | `/Users/bot1/.hermes/profiles/legal/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `meow-chan` | `/Users/bot1/.hermes/profiles/meow-chan/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `obsidian-bone` | `/Users/bot1/.hermes/profiles/obsidian-bone/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `operations` | `/Users/bot1/.hermes/profiles/operations/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `queens-favorite` | `/Users/bot1/.hermes/profiles/queens-favorite/.env` | present | missing | missing | present | missing | missing | missing | present | present |
| `video` | `/Users/bot1/.hermes/profiles/video/.env` | missing | missing | missing | missing | missing | missing | missing | present | missing |
| `visual-operator` | `/Users/bot1/.hermes/profiles/visual-operator/.env` | present | missing | missing | present | missing | missing | missing | present | present |

## OpenAI Codex / ChatGPT OAuth

bot1 使用中心凭证：

```text
/Users/bot1/.hermes/shared-auth/openai-codex-auth.json
```

各 profile 的 `auth.json` 应 symlink 到中心文件。只记录位置，不记录 JSON 正文。

## Feishu/Lark app secrets

Feishu/Lark app secret 只存在对应 profile 的 `.env` 或 Feishu Open Platform；不要复制到其他 profile，不写入 NAS 正文。

## 创作插件 key

- `MX_AI_API_KEY`：mxai 主 key，写入需要使用 mxai 的 Hermes profile `.env`。
- `MX_AI_API_KEY_2`：mxai 备用 key，写入同一批 profile `.env`。
- `MX_AI_API_KEYS`：mxai 多 key 列表，写入同一批 profile `.env`。
- `LIBTV_ACCESS_KEY`：libtv 访问 key，写入需要使用 libtv 的 profile `.env`。

## NAS/SMB key

- `NAS_SMB_PASSWORD`：bot1 当前存放在 `/Users/bot1/.hermes/secret-vault/nas-dxp4800-smb.env`。
- `NAS_HOST`、`NAS_SMB_USERNAME`、`NAS_SMB_SHARE` 可以记录；密码不记录。

## 云服务器 secrets

- 云上 Hermes profile secret：在 `/home/ubuntu/.hermes/.../.env`。
- WeChat JSSDK secret：在 `/etc/wechat-jssdk.env`。
- TLS 私钥：在 `/etc/nginx/ssl/wwyl.yipeng.online/privkey.key`。