firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
87f3a007c9fd12fe1b7f01ed13cf8894327c5ef4
claude-skills-reference/docs/skills/engineering/env-secrets-manager.md
Reza Rezvani 2f57ef8948 feat(agenthub): add AgentHub plugin with cross-domain examples, SEO optimization, and docs site fixes 
- AgentHub: 13 files updated with non-engineering examples (content drafts,
  research, strategy) — engineering stays primary, cross-domain secondary
- AgentHub: 7 slash commands, 5 Python scripts, 3 references, 1 agent,
  dry_run.py validation (57 checks)
- Marketplace: agenthub entry added with cross-domain keywords, engineering
  POWERFUL updated (25→30), product (12→13), counts synced across all configs
- SEO: generate-docs.py now produces keyword-rich <title> tags and meta
  descriptions using SKILL.md frontmatter — "Claude Code Skills" in site_name
  propagates to all 276 HTML pages
- SEO: per-domain title suffixes (Agent Skill for Codex & OpenClaw, etc.),
  slug-as-title cleanup, domain label stripping from titles
- Broken links: 141→0 warnings — new rewrite_skill_internal_links() converts
  references/, scripts/, assets/ links to GitHub source URLs; skills/index.md
  phantom slugs fixed (6 marketing, 7 RA/QM)
- Counts synced: 204 skills, 266 tools, 382 refs, 16 agents, 17 commands,
  21 plugins — consistent across CLAUDE.md, README.md, docs/index.md,
  marketplace.json, getting-started.md, mkdocs.yml
- Platform sync: Codex 163 skills, Gemini 246 items, OpenClaw compatible

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 12:10:46 +01:00

2.6 KiB
Raw Blame History

title, description
title description
Env & Secrets Manager — Agent Skill for Codex & OpenClaw Env & Secrets Manager. Agent skill for Claude Code, Codex CLI, Gemini CLI, OpenClaw.

Env & Secrets Manager

:material-rocket-launch: Engineering - POWERFUL :material-identifier: `env-secrets-manager` :material-github: Source
Install: claude /plugin install engineering-advanced-skills

Tier: POWERFUL Category: Engineering Domain: Security / DevOps / Configuration Management

Overview

Manage environment-variable hygiene and secrets safety across local development and production workflows. This skill focuses on practical auditing, drift awareness, and rotation readiness.

Core Capabilities

  • .env and .env.example lifecycle guidance
  • Secret leak detection for repository working trees
  • Severity-based findings for likely credentials
  • Operational pointers for rotation and containment
  • Integration-ready outputs for CI checks

When to Use

  • Before pushing commits that touched env/config files
  • During security audits and incident triage
  • When onboarding contributors who need safe env conventions
  • When validating that no obvious secrets are hardcoded

Quick Start

# Scan a repository for likely secret leaks
python3 scripts/env_auditor.py /path/to/repo

# JSON output for CI pipelines
python3 scripts/env_auditor.py /path/to/repo --json

Recommended Workflow

  1. Run scripts/env_auditor.py on the repository root.
  2. Prioritize critical and high findings first.
  3. Rotate real credentials and remove exposed values.
  4. Update .env.example and .gitignore as needed.
  5. Add or tighten pre-commit/CI secret scanning gates.

Reference Docs

  • references/validation-detection-rotation.md
  • references/secret-patterns.md

Common Pitfalls

  • Committing real values in .env.example
  • Rotating one system but missing downstream consumers
  • Logging secrets during debugging or incident response
  • Treating suspected leaks as low urgency without validation

Best Practices

  1. Use a secret manager as the production source of truth.
  2. Keep dev env files local and gitignored.
  3. Enforce detection in CI before merge.
  4. Re-test application paths immediately after credential rotation.
Reference in New Issue View Git Blame Copy Permalink