# Runner-side secrets fixtures (TEST ONLY)

These files are loaded by pymavlink / msp_gps_toy when the runner needs
to participate in a signed-message handshake (FT-P-09-AP, NFT-SEC-03).

## Files

| File | Format | Consumer |
|------|--------|----------|
| `mavlink-test-passkey.txt` | `# header line` + 64-hex passkey | Runner-side test fixture (AZ-407 AC-5 deliverable) |

The secret encoded here MUST match the bytes in
`e2e/docker/secrets/mavlink_passkey` (which is the raw 64-hex passkey
consumed by mavproxy as a Docker secret — no comment header allowed
in that file's body). The unit test
`e2e/_unit_tests/test_directory_layout.py::test_passkey_files_match`
strips the comment header before comparing.

## Provenance

The 64-hex value `0123456789abcdef…0123456789abcdef` is the canonical
"all-test-zeros-and-evens" pattern. It is **NOT** cryptographically
secure and MUST NEVER be used in any production deployment.

Production deployments provision the passkey via a real secret store
at deploy time per `_docs/02_document/tests/environment.md`
§ Communication with system under test.

## License

Synthetic — no third-party material. Covered by this repository's
license.