# Operator Setup Guide

## Timmy's Nostr Identity

Timmy uses a secp256k1 Nostr keypair for his on-chain identity. Without a
persisted key, Timmy generates a new ephemeral identity on every restart —
losing continuity with anyone who knew his previous `npub`.

### One-time setup

1. **Generate a keypair:**

   ```bash
   bash scripts/generate-timmy-nsec.sh
   ```

   This prints the `nsec1...` (private key), `npub1...` (public key), and an
   `export` line you can copy-paste.

2. **Set the environment variable** in your deployment environment:

   - **Replit:** Add `TIMMY_NOSTR_NSEC` in the Secrets tab (padlock icon).
   - **VPS (systemd):** Add to `/opt/timmy-tower/.env`:
     ```
     TIMMY_NOSTR_NSEC=nsec1...
     ```
   - **Local dev:** Export in your shell or add to a `.env` file:
     ```bash
     export TIMMY_NOSTR_NSEC="nsec1..."
     ```

3. **Restart the API server.** On startup you should see an `INFO` log:

   ```
   timmy-identity INFO timmy identity loaded from env { npub: "npub1..." }
   ```

   If you see a `WARN` instead, the env var is missing or malformed.

### Security

- The `nsec` is a private key — treat it like a password.
- Never commit it to version control.
- Never log it or expose it in API responses.
- If compromised, generate a new keypair and update all references to the old `npub`.