# Deployment & Scripts Hardening Plan

## Goal
Replace placeholder secrets, document secure deployment paths, and ensure scripts support staging/production parity.

## Tasks
1. **Secrets Management**
   - [ ] Remove/test configs referencing placeholder keys (`MEV_BOT_ENCRYPTION_KEY`, keystore paths) and integrate with secret manager (Vault/SSM/etc.).
   - [ ] Update scripts to fetch secrets securely (env injection, sealed secrets).
2. **Run/Deploy Scripts**
   - [ ] Audit `scripts/run.sh`, `deploy-*.sh` for hard-coded endpoints; parameterise via config.
   - [ ] Add sanity checks before destructive actions (backups, diff of config).
3. **Docker/Compose**
   - [ ] Ensure compose files align with production environment (volumes, ports, metrics).
   - [ ] Provide sample `.env.production` with guidance on required variables.
4. **Rollback & Recovery**
   - [ ] Document rollback procedures, data backup steps, and log locations for investigation.
5. **Testing**
   - [ ] Add lint/checks for scripts (shellcheck) in CI.

## References
- `scripts/`, `docker-compose.*`
- `docs/6_operations/DEPLOYMENT_GUIDE.md`
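
For the Secrets Management and Run/Deploy Scripts tasks, a preflight function that a deploy script could call before any destructive step, so that an unset, short, or placeholder `MEV_BOT_ENCRYPTION_KEY` stops the run. This is an added example, not code from the repository; the function names, the placeholder marker list, and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not project code): refuse to deploy with missing or
# placeholder secrets. The marker list and MIN_SECRET_LEN are assumptions;
# tune them to the values that actually appear in the sample configs.
MIN_SECRET_LEN=32

# Return 0 if the value looks like a placeholder rather than a real secret.
is_placeholder() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *changeme*|*placeholder*|*example*|*dummy*|*your_*|*replace_me*) return 0 ;;
    esac
    return 1
}

# Check one environment variable by name. Prints the reason to stderr
# (never the value itself). Returns 0 ok, 1 rejected, 2 invalid name.
check_secret() {
    name=$1
    # Accept only plain identifiers so the eval below cannot run injected text.
    case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; return 2 ;;
    esac
    eval "value=\${$name-}"
    if [ -z "$value" ]; then
        echo "$name: not set" >&2; return 1
    fi
    if is_placeholder "$value"; then
        echo "$name: placeholder value" >&2; return 1
    fi
    if [ "${#value}" -lt "$MIN_SECRET_LEN" ]; then
        echo "$name: shorter than $MIN_SECRET_LEN characters" >&2; return 1
    fi
    return 0
}

# Check every name given; the return code is the number of failures,
# so 0 means it is safe to continue.
preflight() {
    failures=0
    for var in "$@"; do
        check_secret "$var" || failures=$((failures + 1))
    done
    return "$failures"
}

# In a deploy script, before backups are rotated or containers replaced:
#   preflight MEV_BOT_ENCRYPTION_KEY || exit 1
```

Because the check reads the environment only, it works the same whether the value arrives from a secret manager, env injection, or a sealed secret.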