aws-secrets-rotation
Automate AWS Secrets Rotation for RDS and API Keys
Manual secrets rotation is error-prone and often neglected. This skill provides production-ready Lambda functions and AWS CLI commands to automate credential rotation for databases and third-party services.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Activate and start using it
Try it
Using "aws-secrets-rotation". Set up rotation for production RDS credentials
Expected result:
Rotation enabled for prod/db/mysql with 30-day schedule. Lambda function arn:aws:lambda:us-east-1:123456789012:function:SecretsManagerRDSMySQLRotation will automatically rotate credentials. First rotation initiated.
Using "aws-secrets-rotation". Audit all secrets for rotation compliance
Expected result:
Compliant Secrets: 12
Non-Compliant Secrets: 3
Non-Compliant Details:
- dev/test/api-key: Rotation not enabled
- staging/db/postgres: Not rotated in 127 days
- legacy/service-token: Never rotated
Security audit
Safe
All 70 static findings are false positives. The skill contains legitimate AWS CLI documentation, Lambda rotation code examples, and compliance tracking scripts. External command patterns are bash examples in markdown code blocks demonstrating AWS API usage. Network references are official AWS and Stripe API endpoints. No malicious patterns detected.
What you can create
DevOps Engineer Automating Database Credential Rotation
Set up 30-day automatic rotation for production RDS MySQL credentials using AWS-managed Lambda templates with CloudWatch monitoring for rotation failures.
Security Team Implementing Compliance Requirements
Deploy rotation policies for all secrets, generate quarterly compliance reports showing rotation status, and configure alerts for overdue rotations.
Developer Rotating Third-Party API Keys
Create a custom Lambda function to rotate Stripe API keys by calling their API, validating new keys, and revoking old credentials automatically.
Try these prompts
Create an AWS secret for my production MySQL database with username admin, host mydb.cluster-abc.us-east-1.rds.amazonaws.com, port 3306, and database myapp
Set up automatic rotation every 30 days for my RDS MySQL secret using the AWS-managed Lambda rotation function
Create a Lambda function that rotates Stripe API keys by calling the Stripe API to generate new keys, test them, and revoke old ones
Generate a compliance report listing all secrets without rotation enabled and those not rotated in over 90 days
Best practices
- Test rotation in non-production environments before deploying to production
- Configure CloudWatch alarms to alert on rotation failures within 5 minutes
- Maintain runbooks documenting emergency rotation procedures for compromised credentials
Avoid
- Hardcoding secrets in application code instead of retrieving from Secrets Manager
- Setting rotation intervals longer than 90 days for sensitive credentials
- Rotating secrets without testing application compatibility first
Frequently asked questions
What AWS permissions are required to use this skill?
Can this rotate secrets for non-AWS databases?
What happens if rotation fails?
How do I rotate a secret immediately after a breach?
Can applications access both old and new credentials during rotation?
Is there a cost for using automatic rotation?
Developer details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security/aws-secrets-rotation
Ref.
main
File structure
📄 SKILL.md