secrets-management

Safe | 🌐 Network access | ⚙️ External commands | 🔑 Env variables

Secure CI/CD secrets across pipelines

CI/CD pipelines often leak secrets through hardcoded values and logs. This skill guides you to store, rotate, and consume secrets safely with popular platforms.

Supports: Claude, Codex, Code (CC)
📊 69 Adequate
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "secrets-management". Show a safe way to pull an API key into GitLab CI from Vault.

Expected outcome:

  • Use the Vault CLI in the job to fetch the key field
  • Export the key to a masked environment variable
  • Avoid printing the secret in logs
  • Rotate the key and update the Vault entry regularly

Using "secrets-management". How do I set up automatic secret rotation for my database credentials?

Expected outcome:

  • Configure AWS Secrets Manager with automatic rotation enabled
  • Create a Lambda function that generates a new password
  • Update both the database and the secret in the store
  • Test the rotation before deploying to production

Using "secrets-management". What are the risks of hardcoding secrets in CI pipelines?

Expected outcome:

  • Secrets appear in build logs and artifacts
  • Secrets get committed to version control accidentally
  • Secrets are exposed to anyone with repository access
  • Rotating secrets requires code changes and deployments

Security Audit

Safe
v4 • 1/17/2026

Documentation-only skill providing CI/CD secrets management guidance. Static findings triggered on legitimate tool references (Vault, AWS), environment variable examples, and shell script documentation - all expected content for a secrets management educational resource. No executable code or malicious patterns detected.

  • Files scanned: 2
  • Lines analyzed: 524
  • Findings: 3
  • Total audits: 4

Audited by: claude

Quality Score

  • Architecture: 38
  • Maintainability: 100
  • Content: 85
  • Community: 21
  • Security: 100
  • Spec Compliance: 91

What You Can Build

Harden CI secrets

Set up secure secret retrieval for build and deploy stages without hardcoded values.

Define rotation flow

Create a consistent secret rotation process and logging guidance for teams.

Kubernetes secrets sync

Model External Secrets Operator usage for cluster workloads.

Try These Prompts

Basic secret storage
Explain how to store and use a database password in CI without hardcoding, using one platform from the skill.
Vault in GitHub Actions
Draft GitHub Actions steps that read two secrets from Vault and expose them as environment variables.
AWS Secrets Manager flow
Outline steps to create a secret and retrieve it in a CI job, including masking the output.
Rotation design
Design a secret rotation workflow for a database, including update steps and validation checkpoints.

Best Practices

  • Use different secrets per environment
  • Mask secrets in logs and outputs
  • Enable audit logging and rotation

Avoid

  • Committing secrets to version control
  • Reusing production secrets in test pipelines
  • Echoing secrets to logs for debugging

Frequently Asked Questions

Which CI platforms are supported?
Examples cover GitHub Actions and GitLab CI, plus general steps for other platforms.
What are the limits of this skill?
It provides guidance and examples, not automated provisioning or policy enforcement.
Can it integrate with Vault or AWS Secrets Manager?
Yes, it includes example steps for Vault and AWS Secrets Manager usage.
Does it access my secrets or send data out?
No, it does not run code or access your environment.
What if a command in the example fails?
Check tool installation, credentials, and endpoint URLs, then retry with minimal output.
How does this compare to using plain CI secrets?
It adds stronger rotation and centralized control compared to basic CI variables.

Developer Details

File structure

📄 SKILL.md