Vault API Wired to GMKtec
The Obsidian Local REST API key is now stored in n8n's credential store and confirmed reachable from the GMKtec node. No hardcoded secrets, one curl to prove it.
The Obsidian Local REST API was already running on the Mac, but the key was sitting inline in a test script. Two things needed fixing before this could be treated as stable: the secret needed to move into n8n’s credential store, and the GMKtec node needed to prove it could reach the vault over Tailscale.
First, the credential. In n8n, a new Header Auth credential holds Authorization: Bearer <key>. Nothing else in the workflow touches the raw string. The n8n credential store encrypts at rest, so this satisfies the same bar as any other service secret in the lab.
Second, the reachability check from the GMKtec:
curl -H "Authorization: Bearer KEY" http://[ip]:27124/vault/Got back a JSON listing of the vault root. That confirms the Mac is advertising the API on the Tailscale interface and the GMKtec can hit it without any extra firewall work.
- n8n Header Auth credential (Obsidian REST API key)
What this unblocks
Any workflow running on the GMKtec can now write to or read from the Obsidian vault using the stored credential. The next step in Phase 1B is wiring actual workflow nodes to that credential — reading vault structure and writing notes programmatically rather than through one-off curl calls.