Main Site โ†—
SkillHubSkillHub
SKILLHUB
Back to ListFrom collection "marketing-skills"

env-secrets-manager

by alirezarezvani8.5k765GitHub

Env & Secrets Manager

Unlock Deep Analysis

Use AI to visualize the workflow and generate a realistic output preview for this skill.

Powered by Fastest LLM

Development
Compatible Agents
Claude Code
Claude Code
~/.claude/skills/
Codex CLI
Codex CLI
~/.codex/skills/
Gemini CLI
Gemini CLI
~/.gemini/skills/
O
OpenCode
~/.opencode/skills/
O
OpenClaw
~/.openclaw/skills/
GitHub Copilot
GitHub Copilot
~/.copilot/skills/
Cursor
Cursor
~/.cursor/skills/
W
Windsurf
~/.codeium/windsurf/skills/
C
Cline
~/.cline/skills/
R
Roo Code
~/.roo/skills/
K
Kiro
~/.kiro/skills/
J
Junie
~/.junie/skills/
A
Augment Code
~/.augment/skills/
W
Warp
~/.warp/skills/
G
Goose
~/.config/goose/skills/
SKILL.md

Env & Secrets Manager

Tier: POWERFUL Category: Engineering Domain: Security / DevOps / Configuration Management

Overview

Manage environment-variable hygiene and secrets safety across local development and production workflows. This skill focuses on practical auditing, drift awareness, and rotation readiness.

Core Capabilities

  • .env and .env.example lifecycle guidance
  • Secret leak detection for repository working trees
  • Severity-based findings for likely credentials
  • Operational pointers for rotation and containment
  • Integration-ready outputs for CI checks

When to Use

  • Before pushing commits that touched env/config files
  • During security audits and incident triage
  • When onboarding contributors who need safe env conventions
  • When validating that no obvious secrets are hardcoded

Quick Start

# Scan a repository for likely secret leaks
python3 scripts/env_auditor.py /path/to/repo

# JSON output for CI pipelines
python3 scripts/env_auditor.py /path/to/repo --json

Recommended Workflow

  1. Run scripts/env_auditor.py on the repository root.
  2. Prioritize critical and high findings first.
  3. Rotate real credentials and remove exposed values.
  4. Update .env.example and .gitignore as needed.
  5. Add or tighten pre-commit/CI secret scanning gates.

Reference Docs

  • references/validation-detection-rotation.md
  • references/secret-patterns.md

Common Pitfalls

  • Committing real values in .env.example
  • Rotating one system but missing downstream consumers
  • Logging secrets during debugging or incident response
  • Treating suspected leaks as low urgency without validation

Best Practices

  1. Use a secret manager as the production source of truth.
  2. Keep dev env files local and gitignored.
  3. Enforce detection in CI before merge.
  4. Re-test application paths immediately after credential rotation.

Source: https://github.com/alirezarezvani/claude-skills#.gemini-skills-env-secrets-manager

Content curated from original sources, copyright belongs to authors

Grade B
-AI Score
Best Practices
Checking...
Try this Skill

User Rating

USER RATING

0UP
0DOWN
Loading files...

WORKS WITH

Claude Code
Claude
Codex CLI
Codex
Gemini CLI
Gemini
O
OpenCode
O
OpenClaw
GitHub Copilot
Copilot
Cursor
Cursor
W
Windsurf
C
Cline
R
Roo
K
Kiro
J
Junie
A
Augment
W
Warp
G
Goose