Why does this skill prefer file-based injection over environment variables?

File-based injection is recommended because environment variables can often leak via process listings, crash reports, and application logs, whereas files are more easily scoped and protected.

Can it help with Kubernetes credential management?

Yes, it covers advanced K8s patterns including Vault Agent Injector annotations and the CSI Secret Store Driver for secure runtime access.

Which secret management tools are supported?

The skill provides expertise for HashiCorp Vault (including KV v2 and dynamic secrets), AWS Secrets Manager, GCP Secret Manager, SOPS, and Bitnami Sealed Secrets.

How does this skill improve CI/CD security?

It implements OIDC federation to replace static cloud credentials with short-lived tokens, ensuring that sensitive keys are never stored in pipeline configuration files.

DevOps Secrets Management

Name: DevOps Secrets Management
Author: rnavarych

byrnavarych

•

Despliegue y DevOps

Secures sensitive credentials and implements zero-trust injection patterns across cloud environments, Kubernetes clusters, and CI/CD pipelines.

This skill provides Claude with expert-level guidance for architecting, implementing, and auditing secure secrets management workflows. It covers a comprehensive range of tools including HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, and SOPS, while emphasizing best practices like automated rotation, least-privilege access, and file-based runtime injection. By leveraging OIDC federation and zero-trust principles, the skill helps developers eliminate long-lived credentials and prevent sensitive data leaks in source code, container layers, and system logs.

Características Principales

01Automated rotation policy design for DBs, APIs, and TLS certificates

02OIDC federation for secure CI/CD cloud authentication

03Zero-trust runtime injection for Kubernetes and containerized apps

049 GitHub stars

05Centralized secret store integration (Vault, AWS, GCP, SOPS)

06Audit logging and security hardening for credential access

Casos de Uso

01Implementing Bitnami Sealed Secrets or SOPS for GitOps-friendly encrypted configurations

02Configuring OIDC-based authentication for GitHub Actions to eliminate static AWS/GCP keys

03Auditing infrastructure to migrate hardcoded credentials to a secure vault

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer secrets-management

For use in Claude.ai and ChatGPT

Download Skill