Context
The current Google OAuth Client Secret (used by the server for the Drive integration) was rotated on 2026-05-16. The previous value was pasted into a Claude Code transcript during the rotation, which means it lives in the local Claude session JSONL.
What to do
Rotate the Client Secret in the Google Cloud Console:
- https://console.cloud.google.com/apis/credentials
- Open the OAuth 2.0 Client used by 2anki.net
- "Reset Secret" / generate a new one
- Update `GOOGLE_CLIENT_SECRET` in the prod `.env` (server-level, not web-level)
- `pm2 restart server` on the prod box
- Verify the Drive flow still works end-to-end (pick a Doc, see it convert)
Why now vs. urgent
The transcript is on Alexander's local machine, gitignored, not pushed anywhere. So this is defense-in-depth rotation, not a live incident. But it's the kind of thing that's painless to do now and painful to do later under pressure.
Context
The current Google OAuth Client Secret (used by the server for the Drive integration) was rotated on 2026-05-16. The previous value was pasted into a Claude Code transcript during the rotation, which means it lives in the local Claude session JSONL.
What to do
Rotate the Client Secret in the Google Cloud Console:
Why now vs. urgent
The transcript is on Alexander's local machine, gitignored, not pushed anywhere. So this is defense-in-depth rotation, not a live incident. But it's the kind of thing that's painless to do now and painful to do later under pressure.