documenso-security-basics

Featured

Implement security best practices for Documenso document signing integrations. Use when securing API keys, configuring webhooks securely, or implementing document security measures. Trigger with phrases like "documenso security", "secure documenso", "documenso API key security", "documenso webhook security".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Documenso Security Basics ## Overview Essential security practices for Documenso integrations: API key management, webhook verification, document access control, and self-hosted signing certificate configuration. ## Prerequisites - Documenso account with API access - Understanding of environment variables and secret management - Completed `documenso-install-auth` setup ## Instructions ### Step 1: API Key Security ```typescript // NEVER hardcode keys const BAD = new Documenso({ apiKey: "api_abc123..." }); // Exposed in source // ALWAYS use environment variables const GOOD = new Documenso({ apiKey: process.env.DOCUMENSO_API_KEY! }); ``` **Key management rules:** - Store in `.env` (never committed) or a secrets manager (Vault, AWS Secrets Manager) - Use team-scoped keys for team resources, personal keys for personal documents - Rotate keys on employee offboarding -- revoke in dashboard immediately - CI/CD: use masked/encrypted secrets (GitHub Secrets, GitLab CI variables) ```bash # .gitignore — always include .env .env.* !.env.example ``` ### Step 2: Key Rotation with Zero Downtime ```typescript // Support dual keys during rotation function getApiKey(): string { // Try primary first, fall back to secondary during rotation return process.env.DOCUMENSO_API_KEY_PRIMARY ?? process.env.DOCUMENSO_API_KEY_SECONDARY ?? (() => { throw new Error("No Documenso API key configured"); })(); } // Rotation procedure: // 1. Generate new key in Documenso dashboard // 2....

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI GitLab · DevTools

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

documenso-install-auth

Install and configure Documenso SDK/API authentication. Use when setting up a new Documenso integration, configuring API keys, or initializing Documenso in your project. Trigger with phrases like "install documenso", "setup documenso", "documenso auth", "configure documenso API key".

2,266 Updated today
jeremylongshore
AI & Automation Featured

adobe-security-basics

Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping. Use when securing API credentials, implementing webhook validation, or auditing Adobe security configuration. Trigger with phrases like "adobe security", "adobe secrets", "secure adobe", "adobe credential rotation", "adobe webhook signature".

2,266 Updated today
jeremylongshore
AI & Automation Featured

klaviyo-security-basics

Apply Klaviyo security best practices for API key management and access control. Use when securing API keys, configuring OAuth scopes, implementing webhook signature verification, or auditing Klaviyo security configuration. Trigger with phrases like "klaviyo security", "klaviyo secrets", "secure klaviyo", "klaviyo API key security", "klaviyo OAuth".

2,266 Updated today
jeremylongshore
AI & Automation Featured

documenso-data-handling

Handle document data, signatures, and PII in Documenso integrations. Use when managing document lifecycle, handling signed PDFs, or implementing data retention policies. Trigger with phrases like "documenso data", "signed document", "document retention", "documenso PII", "download signed pdf".

2,266 Updated today
jeremylongshore
AI & Automation Featured

bamboohr-security-basics

Apply BambooHR security best practices for API keys, webhook verification, and PII data handling compliance. Use when securing API keys, implementing webhook signature validation, or handling sensitive employee data from BambooHR. Trigger with phrases like "bamboohr security", "bamboohr secrets", "secure bamboohr", "bamboohr PII", "bamboohr data protection".

2,266 Updated today
jeremylongshore