Document which secrets each server process actually needs

[lwhite1]

Problem

The secrets.yaml file contains both database credentials and service (Windows remote) credentials. It's unclear which server processes need which entries, leading to confusion about what needs to be deployed where and potential security exposure from distributing more credentials than necessary.

Questions to answer

1. Which processes need the database password?
   Presumably all of them (ACQ_0, ACQ_1, STM, CTR) since they all open SSH-tunneled database connections for message queue polling and logging.

2. Which processes need the service/server passwords?
   The service passwords (ServerConfig.password) are used in netcomm/client.py for remote process management — tasklist, taskkill, SCHTASKS, and WMIC commands via /U and /P flags. This is only used by the CTR/GUI process when it launches and manages the ACQ and STM servers. The ACQ and STM servers themselves should not need these passwords.

3. What are the "wang" passwords and why do they work?
   The service passwords that currently work for remote process management (WMIC, tasklist, schtasks) don't match the actual Windows login passwords for those machines. Need to document what these passwords actually authenticate against and why the working values differ from the interactive login credentials.

Proposed deliverable

• Add a section to docs/arch/system_configuration.md (or a new doc) that maps each secret to:
  • Which process(es) consume it
  • What it authenticates against
  • Whether it's required or optional for each server role
• Minimize the secrets distributed to each machine (e.g., ACQ/STM machines should not need CTR's remote management passwords)

[lwhite1]

Confirmed: Service passwords are CTR-only

Code trace confirms the separation:

Database password (DatabaseConfig.password)

• Needed by: ALL processes (ACQ_0, ACQ_1, STM, CTR)
• Consumed in: metadator.get_database_connection() and resplit_xdf.py
• Used for: PostgreSQL authentication through SSH tunnel
• Every process calls make_db_logger() at startup, which requires a DB connection

Service passwords (ServerConfig.password)

• Needed by: CTR only
• Consumed in: netcomm/client.py only (lines 158, 168, 173, 218, 221, 224, 279)
• Used for: Remote Windows management (tasklist, taskkill, SCHTASKS, WMIC)
• Call chain: gui.py → SessionController.start_servers() → netcomm.client.start_server() → s.password.get_secret_value()
• server_acq.py and server_stm.py never import netcomm.client

What each machine needs in secrets.yaml

Machine	DB password	Service passwords	SSH key
CTR	Yes	Yes (all servers)	Yes
ACQ	Yes	No	Yes
STM	Yes	No	Yes

Remaining question: why the working service passwords differ from the interactive login passwords on those machines.