env-secrets-manager · listed

Environment variable hygiene, secret leak detection, and credential rotation workflows. TRIGGER when: working with .env files, secret management, credential rotation, pre-commit secret scanning, or investigating leaked credentials. DO NOT TRIGGER when: general config file editing, non-secret environment setup, or infrastructure provisioning (use relevant infra skill).
DROOdotFOO/agent-skills · ★ 1 · AI & Automation · score 75
Install: claude install-skill DROOdotFOO/agent-skills
# Env & Secrets Manager

Manage environment-variable hygiene and secrets safety across local development and production workflows. Covers auditing, leak detection, rotation, and preventive controls.

## What You Get

- Secret leak detection with regex-based scanning (staged files and git history)
- Severity-based findings (critical/high/medium) with response playbook
- Credential rotation workflows (AWS, Stripe, GitHub PAT, DB, JWT)
- Cloud secret store integration guidance (Vault, AWS SM, Azure KV, GCP SM)
- CI/CD secret injection patterns (GitHub Actions, GitLab CI)
- Pre-commit detection setup (gitleaks, detect-secrets)

## When to Use

- Before pushing commits that touched env/config files
- During security audits and incident triage
- When onboarding contributors who need safe env conventions
- When validating that no obvious secrets are hardcoded

## Recommended Workflow

1. Scan the repository for likely secret leaks (see `references/secret-patterns.md`)
2. Prioritize `critical` and `high` findings first
3. Rotate real credentials and remove exposed values
4. Update `.env.example` and `.gitignore` as needed
5. Add or tighten pre-commit/CI secret scanning gates

## WRONG: secrets in code and examples

```bash
# WRONG: real credentials in .env.example
DATABASE_URL=postgres://admin:s3cret@prod.db.internal/myapp
STRIPE_SECRET_KEY=sk_live_abc123xyz
```

## CORRECT: placeholders only

```bash
# CORRECT: .env.example with safe placeholders
DATABASE_URL=postgres://user:passwor
```
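An added example (not part of the skill or its `references/secret-patterns.md`): a small Python check that applies the WRONG/CORRECT rule above to a `.env.example`, flagging values that look real rather than placeholder. The token shapes, the placeholder vocabulary, the severity assignments and the name `audit_env_example` are assumptions made for illustration.

```python
import re

# Assumed token shapes (illustrative; not taken from references/secret-patterns.md).
# The Stripe length bound is loose so short sample keys are still caught.
TOKEN_PATTERNS = [
    ("critical", "Stripe live secret key", re.compile(r"\bsk_live_[0-9A-Za-z]{8,}")),
    ("critical", "AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("critical", "GitHub personal access token", re.compile(r"\bghp_[0-9A-Za-z]{36}\b")),
]
# scheme://user:password@host inside a URL value
URL_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://([^:/@\s]+):([^@\s]+)@", re.I)
# Assumed placeholder vocabulary: passwords a template is allowed to carry.
PLACEHOLDER = re.compile(r"^(<.*>|\$\{.*\}|x+|password|changeme|example|your[-_].*)$", re.I)


def audit_env_example(text):
    """Return (line_no, key, severity, reason) for values that look real."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and non-assignments
        key, value = line.split("=", 1)
        key = key.removeprefix("export ").strip()
        value = value.strip().strip("'\"")
        hit = next(((s, n) for s, n, p in TOKEN_PATTERNS if p.search(value)), None)
        if hit:
            findings.append((line_no, key, hit[0], hit[1]))
            continue
        m = URL_CREDS.match(value)
        if m and not PLACEHOLDER.match(m.group(2)):
            findings.append((line_no, key, "high", "URL embeds a non-placeholder password"))
    return findings


# Constructed sample input: the page's WRONG lines plus two placeholder lines.
SAMPLE = """\
# .env.example
DATABASE_URL=postgres://admin:s3cret@prod.db.internal/myapp
STRIPE_SECRET_KEY=sk_live_abc123xyz
REDIS_URL=redis://user:password@localhost:6379/0
STRIPE_PUBLISHABLE_KEY=<your-publishable-key>
"""

if __name__ == "__main__":
    for line_no, key, severity, reason in audit_env_example(SAMPLE):
        print(f"{severity.upper():8} line {line_no}: {key} ({reason})")
```

A check like this only covers the template file; staged changes and git history still need a dedicated scanner such as gitleaks or detect-secrets, as listed above.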