Store and manage sensitive credentials securely in CI/CD pipelines using Vault, AWS Secrets Manager, and platform-native secret management solutions.
Download the skill ZIP
Upload it in Claude
Go to Settings → Features → Skills → Upload skill
Turn it on and start using it
Test it
Using "secrets-management". How do I integrate Vault with GitHub Actions?
Expected result:
Use the hashicorp/vault-action to fetch secrets. First, ensure VAULT_ADDR and VAULT_TOKEN are set as repository secrets. Then add a step that uses the action to map secrets to environment variables that can be used in subsequent steps.
Using "secrets-management". What is the best practice for storing API keys?
Expected result:
Never hardcode API keys in source code. Store them in a secrets manager like Vault or AWS Secrets Manager. In CI/CD, reference them as environment variables that are injected at runtime. Use different secrets per environment and rotate regularly.
Security audit
Safe: This is a documentation and educational skill that teaches secure secrets management practices. All static findings (external_commands, network, env_access) are false positives - they represent example code blocks showing proper secrets handling, not actual security vulnerabilities. The skill demonstrates legitimate use of Vault, AWS Secrets Manager, GitHub Secrets, and GitLab CI variables.
What you can build
DevOps Engineer Securing CI/CD Pipelines
Set up secure credential handling for automated deployment pipelines using Vault or AWS Secrets Manager.
Developer Managing API Keys
Learn best practices for storing and rotating API keys and database credentials without hardcoding.
Security Engineer Implementing Secrets Audit
Implement secret scanning and audit logging for compliance and security monitoring.
Try these prompts
Show me how to integrate HashiCorp Vault with GitHub Actions to securely retrieve secrets during CI/CD pipeline execution.
How do I store a database password in AWS Secrets Manager and retrieve it in a CI/CD pipeline?
What are the best practices for configuring repository secrets in GitHub Actions?
Show me how to set up automatic secret rotation for database passwords using AWS Lambda.
Best practices
- Never commit secrets to version control - use secrets management tools instead
- Use different secrets for each environment (dev, staging, production)
- Enable audit logging to track secret access and usage
- Rotate secrets regularly using automated rotation when possible
- Implement least-privilege access - only grant necessary permissions
- Mask secrets in CI/CD logs to prevent exposure
Avoid
- Hardcoding secrets in source code or configuration files
- Storing secrets in environment variables that get logged
- Using the same secret across multiple environments
- Granting excessive permissions to CI/CD service accounts
- Committing .env files or configuration with real credentials