secrets-management

Safe

Manage CI/CD Secrets Securely

Also available from: wshobson

Store and manage sensitive credentials securely in CI/CD pipelines using Vault, AWS Secrets Manager, and platform-native secret management solutions.

Supports: Claude Codex Code(CC)
🥉 75 Bronze

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Turn on the toggle and start using it

Try it out

Using "secrets-management". How do I integrate Vault with GitHub Actions?

Expected result:

Use the hashicorp/vault-action to fetch secrets. First, ensure VAULT_ADDR and VAULT_TOKEN are set as repository secrets. Then add a step that uses the action to map secrets to environment variables that can be used in subsequent steps.

Using "secrets-management". What is the best practice for storing API keys?

Expected result:

Never hardcode API keys in source code. Store them in a secrets manager like Vault or AWS Secrets Manager. In CI/CD, reference them as environment variables that are injected at runtime. Use different secrets per environment and rotate regularly.

Security audit

Safe
v1 • 2/25/2026

This is a documentation and educational skill that teaches secure secrets management practices. All static findings (external_commands, network, env_access) are false positives - they represent example code blocks showing proper secrets handling, not actual security vulnerabilities. The skill demonstrates legitimate use of Vault, AWS Secrets Manager, GitHub Secrets, and GitLab CI variables.

Files scanned: 1
Lines analyzed: 367
Findings: 0
Total audits: 1
No security issues found
Auditor: claude

Quality score

Architecture: 38
Maintainability: 100
Content: 85
Community: 50
Security: 100
Spec compliance: 100

What you can build

DevOps Engineer Securing CI/CD Pipelines

Set up secure credential handling for automated deployment pipelines using Vault or AWS Secrets Manager.

Developer Managing API Keys

Learn best practices for storing and rotating API keys and database credentials without hardcoding.

Security Engineer Implementing Secrets Audit

Implement secret scanning and audit logging for compliance and security monitoring.

Try these prompts

Set Up Vault with GitHub Actions
Show me how to integrate HashiCorp Vault with GitHub Actions to securely retrieve secrets during CI/CD pipeline execution.
Configure AWS Secrets Manager
How do I store a database password in AWS Secrets Manager and retrieve it in a CI/CD pipeline?
Set Up GitHub Secrets
What are the best practices for configuring repository secrets in GitHub Actions?
Implement Secret Rotation
Show me how to set up automatic secret rotation for database passwords using AWS Lambda.

Best practices

  • Never commit secrets to version control - use secrets management tools instead
  • Use different secrets for each environment (dev, staging, production)
  • Enable audit logging to track secret access and usage
  • Rotate secrets regularly using automated rotation when possible
  • Implement least-privilege access - only grant necessary permissions
  • Mask secrets in CI/CD logs to prevent exposure

ํ”ผํ•˜๊ธฐ

  • Hardcoding secrets in source code or configuration files
  • Storing secrets in environment variables that get logged
  • Using the same secret across multiple environments
  • Granting excessive permissions to CI/CD service accounts
  • Committing .env files or configuration with real credentials

์ž์ฃผ ๋ฌป๋Š” ์งˆ๋ฌธ

What is the difference between Vault and AWS Secrets Manager?
Vault is a self-hosted or cloud-agnostic secrets management tool with advanced features. AWS Secrets Manager is AWS-native with automatic rotation and tighter integration with AWS services. Choose Vault for multi-cloud or on-premises needs.
Can I use this skill without Vault or AWS?
Yes, the skill also covers GitHub Secrets and GitLab CI/CD Variables which work without external services. These are simpler but less feature-rich than dedicated secrets management solutions.
How often should I rotate secrets?
Rotate secrets based on sensitivity and compliance requirements. High-value secrets (database passwords, encryption keys) should rotate monthly or automatically. API keys can rotate quarterly. Enable automatic rotation when available.
What happens if my secrets are exposed?
Immediately rotate the exposed secret, revoke the compromised credential, audit access logs to check for misuse, and update any dependent systems. Use secret scanning tools to detect exposures proactively.
Is Vault free to use?
HashiCorp Vault has a free open-source tier with core features. The Enterprise version adds advanced features like HSM support, replication, and governance. For most use cases, the open-source version is sufficient.
How do I monitor secret usage?
Enable audit logging in your secrets manager. Vault provides detailed audit logs. AWS Secrets Manager integrates with CloudTrail. Review logs regularly and set up alerts for unusual access patterns.

Developer details

Author

sickn33

License

MIT

Ref

main

File structure

📄 SKILL.md