Infrastructure on Derek's Guides

Hermes as a GitOps SRE Assistant

Sat, 13 Jun 2026 00:00:00 +0000

Hermes is most useful when it acts like an SRE assistant, not a magic production button. The workflow is simple: investigate, plan, change the source of truth, validate the result, and document what happened.

That order matters.

Operating Principles

My homelab has a few rules for Hermes-driven work:

Forgejo is the source of truth for private infrastructure state.
GitHub is the source of truth for public guides like this site.
Komodo manages Docker Compose infrastructure and management-plane stacks.
ArgoCD manages Kubernetes application workloads.
Talos nodes are immutable. No SSH archaeology, no hand-edited snowflakes.
Secrets stay out of chat and docs. Use 1Password, environment references, or SOPS-encrypted files.
Documentation is part of the task. If it is not documented, it did not happen.

Hermes can help with every part of that flow, but it does not get to invent a new source of truth because it found a convenient command.

OpenClaw Secrets Management with 1Password

Sat, 14 Mar 2026 00:00:00 +0000

This guide walks through setting up 1Password as a centralized secret provider for OpenClaw. By the end, every API key, token, and credential in your OpenClaw config will resolve at runtime through 1Password — nothing sensitive stored in plaintext.

Prerequisites

OpenClaw installed and running
1Password account (personal or business)
1Password CLI (op) installed
Basic familiarity with OpenClaw’s openclaw.json config

Part 1: Install and Configure 1Password CLI

Install the CLI

# Ubuntu/Debian
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
 sudo gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
 sudo tee /etc/apt/sources.list.d/1password.list

sudo apt update && sudo apt install 1password-cli

# Verify
op --version

Create a Service Account

For non-interactive (agent) access, you need a service account — not a personal sign-in.

OpenClaw + Hermes: Multi-Agent Infrastructure

Tue, 14 Apr 2026 00:00:00 +0000

Connect OpenClaw (Clawdia) to Hermes Agent for delegating infrastructure tasks via HTTP API. This lets you manage Docker, Kubernetes, and GitOps operations through conversational commands.

What You’ll Learn

When to use multi-agent architecture for infrastructure tasks
How to connect OpenClaw to Hermes via HTTP API
Configuring the Hermes integration skill
Querying Docker, deploying stacks, and managing GitOps
Security considerations for agent-to-agent communication

Why Multi-Agent?

Running everything in one agent creates a security problem. Infrastructure tasks need terminal and Docker access—capabilities you don’t want tied to your general-purpose assistant.