Read Ghost API key from .env instead of pass

Cron jobs can't reach the desktop gpg-agent, so pass-based key lookup failed unattended. The .env file in the skill directory works for both cron and interactive runs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-13 01:56:04 -04:00 · 2026-05-13 01:56:04 -04:00 · 497890d157
commit 497890d157
parent 0ce67392a4
2 changed files with 21 additions and 13 deletions
--- a/.claude/skills/weekly-review/publish_to_ghost.py
+++ b/.claude/skills/weekly-review/publish_to_ghost.py
@ -23,13 +23,14 @@ import sys
 import time
 import urllib.request
 from pathlib import Path
+from typing import NoReturn

 ADMIN_BASE = "https://blog.the-fulfillment.org/ghost/api/admin"
 API_VERSION = "v5.0"
 NEWSLETTER_SLUG = "default-newsletter"


-def die(msg: str, code: int = 1) -> None:
+def die(msg: str, code: int = 1) -> NoReturn:
    print(f"error: {msg}", file=sys.stderr)
    sys.exit(code)

@ -59,18 +60,23 @@ def mint_jwt(key_id: str, secret_hex: str) -> str:


 def get_api_key() -> tuple[str, str]:
-    """Read `pass show fulfillment/api-key`, split on colon."""
-    try:
-        out = subprocess.check_output(
-            ["pass", "show", "fulfillment/api-key"], text=True
-        ).strip()
-    except FileNotFoundError:
-        die("`pass` not found on PATH")
-    except subprocess.CalledProcessError as e:
-        die(f"`pass show fulfillment/api-key` failed: {e}")
-    if ":" not in out:
-        die("API key from pass is not in the expected id:secret form")
-    key_id, secret_hex = out.split(":", 1)
+    """Read GHOST_ADMIN_API_KEY=id:secret from .env in the skill directory."""
+    env_path = Path(__file__).parent / ".env"
+    if not env_path.is_file():
+        die(f"missing {env_path}")
+    value = None
+    for line in env_path.read_text().splitlines():
+        line = line.strip()
+        if not line or line.startswith("#"):
+            continue
+        if line.startswith("GHOST_ADMIN_API_KEY="):
+            value = line.split("=", 1)[1].strip().strip('"').strip("'")
+            break
+    if value is None:
+        die(f"GHOST_ADMIN_API_KEY not found in {env_path}")
+    if ":" not in value:
+        die("GHOST_ADMIN_API_KEY is not in the expected id:secret form")
+    key_id, secret_hex = value.split(":", 1)
    return key_id, secret_hex


--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.env
+.cron.log