feat: simplify Gitea installation with local credential storage

- Removed Vault integration and environment-based secret management for simpler local setup
- Updated to store database credentials directly in .env file instead of secret manager
- Modified installation documentation to reflect local credential storage approach
- Added note about future Vault integration coming in ~6 months
- Simplified code by removing unused imports and dependencies (environment, secrets, zap)
- Updated log messages to reflect

Author: CodeMonkeyCybersecurity

cmd/create/gitea.go

@@ -6,14 +6,11 @@ package create
 import (
 	"fmt"
 
-	"github.com/CodeMonkeyCybersecurity/eos/pkg/environment"
 	eos "github.com/CodeMonkeyCybersecurity/eos/pkg/eos_cli"
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/eos_io"
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/gitea"
-	"github.com/CodeMonkeyCybersecurity/eos/pkg/secrets"
 	"github.com/spf13/cobra"
 	"github.com/uptrace/opentelemetry-go-extra/otelzap"
-	"go.uber.org/zap"
 )
 
 // CreateGiteaCmd represents the Gitea installation command
@@ -26,7 +23,7 @@ Gitea is a lightweight self-hosted Git service with a web interface.
 
 This command will:
 - Create installation directory at /opt/gitea
-- Generate secure database credentials
+- Generate secure database credentials in .env file
 - Create docker-compose.yml configuration
 - Deploy Gitea and PostgreSQL containers
 - Expose Gitea on port 8167 (HTTP) and 2222 (SSH)
@@ -35,31 +32,16 @@ Example:
   eos create gitea
 
 After installation, access Gitea at http://localhost:8167 and complete
-the initial setup wizard.`,
+the initial setup wizard.
+
+NOTE: Database credentials are stored in /opt/gitea/.env
+      (Vault integration coming in ~6 months)`,
 	RunE: eos.Wrap(func(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string) error {
 		logger := otelzap.Ctx(rc.Ctx)
 		logger.Info("Starting Gitea installation")
 
-		// ASSESS: Discover environment
-		logger.Info("Discovering environment configuration")
-		envConfig, err := environment.DiscoverEnvironment(rc)
-		if err != nil {
-			return fmt.Errorf("failed to discover environment: %w", err)
-		}
-
-		logger.Info("Environment discovered",
-			zap.String("environment", envConfig.Environment),
-			zap.String("datacenter", envConfig.Datacenter))
-
-		// Initialize secret manager
-		logger.Info("Initializing secret manager")
-		secretManager, err := secrets.NewManager(rc, envConfig)
-		if err != nil {
-			return fmt.Errorf("failed to initialize secret manager: %w", err)
-		}
-
 		// Create installation configuration
-		config := gitea.DefaultInstallConfig(secretManager)
+		config := gitea.DefaultInstallConfig()
 
 		// INTERVENE: Delegate to pkg/gitea for business logic
 		if err := gitea.Install(rc, config); err != nil {

pkg/gitea/install.go

@@ -11,7 +11,6 @@ import (
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/container"
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/crypto"
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/eos_io"
-	"github.com/CodeMonkeyCybersecurity/eos/pkg/secrets"
 	"github.com/CodeMonkeyCybersecurity/eos/pkg/shared"
 	"github.com/uptrace/opentelemetry-go-extra/otelzap"
 	"go.uber.org/zap"
@@ -27,18 +26,14 @@ type InstallConfig struct {
 
 	// SSHPort is the SSH port for Git operations (default: 2222)
 	SSHPort int
-
-	// SecretManager is the initialized secret manager for credential storage
-	SecretManager *secrets.Manager
 }
 
 // DefaultInstallConfig returns the default installation configuration
-func DefaultInstallConfig(secretManager *secrets.Manager) *InstallConfig {
+func DefaultInstallConfig() *InstallConfig {
 	return &InstallConfig{
-		InstallDir:    GiteaDir,
-		Port:          GiteaPort,
-		SSHPort:       GiteaSSHPort,
-		SecretManager: secretManager,
+		InstallDir: GiteaDir,
+		Port:       GiteaPort,
+		SSHPort:    GiteaSSHPort,
 	}
 }
 
@@ -105,33 +100,13 @@ func interveneInstall(rc *eos_io.RuntimeContext, config *InstallConfig) error {
 		}
 	}
 
-	// Step 3: Generate or retrieve database password
-	logger.Info("Managing secrets for Gitea")
-	requiredSecrets := map[string]secrets.SecretType{
-		"db_password": secrets.SecretTypePassword,
-	}
-	serviceSecrets, err := config.SecretManager.EnsureServiceSecrets(rc.Ctx, "gitea", requiredSecrets)
+	// Step 3: Generate database password
+	logger.Info("Generating database password")
+	dbPassword, err := crypto.GeneratePassword(32)
 	if err != nil {
-		// Fallback: generate password locally if secret manager fails
-		logger.Warn("Failed to manage secrets via secret manager, generating locally", zap.Error(err))
-		password, genErr := crypto.GeneratePassword(32)
-		if genErr != nil {
-			return fmt.Errorf("failed to generate password: %w", genErr)
-		}
-		serviceSecrets = &secrets.ServiceSecrets{
-			Secrets: map[string]interface{}{
-				"db_password": password,
-			},
-			Backend: "local",
-		}
-	}
-
-	dbPassword, ok := serviceSecrets.Secrets["db_password"].(string)
-	if !ok {
-		return fmt.Errorf("database password is not a string")
+		return fmt.Errorf("failed to generate database password: %w", err)
 	}
-	logger.Info("Secrets managed",
-		zap.String("backend", serviceSecrets.Backend))
+	logger.Debug("Database password generated")
 
 	// Step 4: Create docker-compose.yml
 	composeFilePath := filepath.Join(config.InstallDir, GiteaComposeFile)
@@ -189,7 +164,8 @@ func evaluateInstallation(rc *eos_io.RuntimeContext, config *InstallConfig) erro
 		zap.String("installation_directory", config.InstallDir),
 		zap.String("compose_file", filepath.Join(config.InstallDir, GiteaComposeFile)),
 		zap.String("data_directory", filepath.Join(config.InstallDir, "data")),
-		zap.String("database_password_location", "Retrieve via: eos read credentials --service gitea"))
+		zap.String("env_file", filepath.Join(config.InstallDir, ".env")),
+		zap.String("database_password_note", "Database password stored in .env file"))
 
 	logger.Info("Next steps",
 		zap.String("step_1", fmt.Sprintf("Navigate to http://%s:%d", shared.GetInternalHostname(), config.Port)),