Why should I avoid command-line arguments for secrets?

Command-line arguments are visible in process lists via commands like 'ps aux', are recorded in shell history files, and are often captured by system audit logs, making them highly insecure for sensitive data.

How does secret masking work in this skill?

The skill provides guidance and code patterns to ensure that sensitive values are automatically redacted in debug logs, error messages, and verbose output to prevent accidental leaks.

Which programming languages are supported for implementation?

The skill includes specific libraries and implementation patterns for several major languages, including Rust, Go, Python, Node.js, and Ruby.

Does this skill help with CI/CD secret management?

Yes, it provides specific patterns for handling environment variables as an 'acceptable' fallback method specifically for automated environments like GitHub Actions or containerized pipelines.

What is the safest way to store secrets for a CLI tool?

The safest method for persistent storage is using an OS keychain or a dedicated credential helper, which provides encrypted storage specifically designed for interactive users.

Handle Secrets CLI

Name: Handle Secrets CLI
Author: cboone

bycboone

•

Seguridad y Pruebas

Implements industry-standard security practices for managing user credentials and API keys in CLI applications.

The handle-secrets skill provides a comprehensive framework for developers building command-line tools that require sensitive user data like API tokens and passwords. It guides users through a security hierarchy of input methods—prioritizing OS keychains and secure pipes over insecure environment variables or command-line arguments—while offering implementation patterns for secret masking, credential resolution fallback chains, and language-specific library recommendations. This skill is essential for both building secure-by-default tools and auditing existing codebases for common secret-handling vulnerabilities and CVE anti-patterns.

Características Principales

01Automatic secret masking patterns for debug logs, error messages, and HTTP traces

02Security hierarchy ranking from OS keychains to stdin and config files

031 GitHub stars

04Security audit checklists to identify and mitigate common CLI secret-handling anti-patterns

05Standardized credential resolution fallback chains for interactive and automated environments

06Language-specific library recommendations for Rust, Go, Python, Node.js, and Ruby

Casos de Uso

01Developing a new CLI tool that requires secure API key storage and retrieval

02Performing a security review of existing CLI code to identify hardcoded secrets or insecure argument passing

03Configuring CI/CD pipelines to handle credentials safely using environment variable fallbacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cboone/cboone-cc-plugins handle-secrets

For use in Claude.ai and ChatGPT

Download Skill