
secrets-vault-manager · listed

Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.
ibragimov-oasis/vibe-coder · ★ 0 · DevOps & Infrastructure · score 49
Install: claude install-skill ibragimov-oasis/vibe-coder
# Secrets Vault Manager

**Tier:** POWERFUL
**Category:** Engineering
**Domain:** Security / Infrastructure / DevOps

---

## Overview

Production secret infrastructure management for teams running HashiCorp Vault, cloud-native secret stores, or hybrid architectures. This skill covers policy authoring, auth method configuration, automated rotation, dynamic secrets, audit logging, and incident response.

**Distinct from env-secrets-manager** which handles local `.env` file hygiene and leak detection. This skill operates at the infrastructure layer — Vault clusters, cloud KMS, certificate authorities, and CI/CD secret injection.

### When to Use

- Standing up a new Vault cluster or migrating to a managed secret store
- Designing auth methods for services, CI runners, and human operators
- Implementing automated credential rotation (database, API keys, certificates)
- Auditing secret access patterns for compliance (SOC 2, ISO 27001, HIPAA)
- Responding to a secret leak that requires mass revocation
- Integrating secrets into Kubernetes workloads or CI/CD pipelines

---

## HashiCorp Vault Patterns

### Architecture Decisions

| Decision | Recommendation | Rationale |
|----------|---------------|-----------|
| Deployment mode | HA with Raft storage | No external dependency, built-in leader election |
| Auto-unseal | Cloud KMS (AWS KMS / Azure Key Vault / GCP KMS) | Eliminates manual unseal, enables automated restarts |
| Namespaces | One per environment (dev/staging/prod) | Blas