Install: claude install-skill murtazatouqeer/f5-framework-claude
# Security Infrastructure Skill
Infrastructure security, headers, encryption, and compliance patterns.
## Quick Reference
### Security Headers
| Header | Purpose | Value |
|--------|---------|-------|
| Content-Security-Policy | XSS prevention | Restrict sources |
| X-Frame-Options | Clickjacking | DENY |
| Strict-Transport-Security | Force HTTPS | max-age=31536000 |
| X-Content-Type-Options | MIME sniffing | nosniff |
| Referrer-Policy | Leak prevention | strict-origin |
## Helmet.js Configuration
```typescript
import express from 'express';
import helmet from 'helmet';

const app = express();

app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'"],
      styleSrc: ["'self'", "'unsafe-inline'"], // inline styles remain allowed
      imgSrc: ["'self'", "data:", "https:"],
      objectSrc: ["'none'"],
      frameAncestors: ["'none'"], // no site may frame this one
    },
  },
  hsts: { maxAge: 31536000, includeSubDomains: true }, // one year, in seconds
}));
```
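To check that a running service actually returns the values in the Quick Reference table, the added example below (not part of the skill's own code) audits a header map against each row. The function names, the acceptance of Referrer-Policy values stricter than `strict-origin`, and the sample headers are assumptions made for the illustration.

```typescript
type Finding = { header: string; problem: string };
// CSP: look at the effective script sources (script-src, falling back to default-src).
function cspProblem(value: string): string | null {
  const directives: Record<string, string[]> = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  const scripts = directives['script-src'] || directives['default-src'];
  if (!scripts) return 'no script-src or default-src';
  const loose = scripts.filter((s) => s === '*' || s.toLowerCase() === "'unsafe-inline'");
  return loose.length ? 'script sources include ' + loose.join(' ') : null;
}

function hstsProblem(value: string): string | null {
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(value);
  return m && Number(m[1]) >= 31536000 ? null : 'max-age missing or below 31536000';
}
// Exact-match check for single-token headers; `allowed` is lowercase.
const oneOf = (allowed: string[]) => (value: string): string | null =>
  allowed.indexOf(value.trim().toLowerCase()) >= 0 ? null : 'unexpected value "' + value + '"';
// One check per row of the Quick Reference table, keyed by lowercase header name.
const CHECKS: Record<string, (value: string) => string | null> = {
  'content-security-policy': cspProblem,
  'x-frame-options': oneOf(['deny']),
  'strict-transport-security': hstsProblem,
  'x-content-type-options': oneOf(['nosniff']),
  // Assumption: values stricter than the table's strict-origin also pass.
  'referrer-policy': oneOf(['strict-origin', 'same-origin', 'no-referrer']),
};

function auditHeaders(headers: Record<string, string>): Finding[] {
  const seen: Record<string, string> = {};
  for (const name of Object.keys(headers)) seen[name.toLowerCase()] = headers[name];
  const findings: Finding[] = [];
  for (const header of Object.keys(CHECKS)) {
    const problem = header in seen ? CHECKS[header](seen[header]) : 'header missing';
    if (problem) findings.push({ header, problem });
  }
  return findings;
}
// Constructed sample response headers (not captured from a real site).
const SAMPLE: Record<string, string> = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=86400; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
};
console.log(auditHeaders(SAMPLE));
```

Helmet sends `X-Frame-Options: SAMEORIGIN` unless its frame option is set to deny, so the configuration above is reported against the table's DENY row even though `frameAncestors: ["'none'"]` already blocks framing in browsers that honour CSP.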
## Encryption (AES-256-GCM)
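```typescript
import crypto from 'crypto';

// Base64-encoded ciphertext, nonce and GCM authentication tag.
interface EncryptedData {
  ciphertext: string;
  iv: string;
  authTag: string;
}

function encrypt(plaintext: string, key: Buffer): EncryptedData {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  let ciphertext = cipher.update(plaintext, 'utf8', 'base64');
  ciphertext += cipher.final('base64');
  return {
    ciphertext,
    iv: iv.toString('base64'),
    authTag: cipher.getAuthTag().toString('base64'),
  };
}

function decrypt(data: EncryptedData, key: Buffer): string {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm',
    key,
    Buffer.from(data.iv, 'base64'),
  );
  // final() throws if the tag does not match the ciphertext.
  decipher.setAuthTag(Buffer.from(data.authTag, 'base64'));
  let plaintext = decipher.update(data.ciphertext, 'base64', 'utf8');
  plaintext += decipher.final('utf8');
  return plaintext;
}
```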