Which secret management tools are supported by this skill?

The skill provides implementation patterns for HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and native CI/CD secrets for GitHub and GitLab.

Does it provide guidance on secret rotation?

It provides both manual rotation processes and automated examples, such as using AWS Lambda to rotate credentials without manual intervention.

How does this skill prevent hardcoded secrets in my code?

It includes setup guides for pre-commit hooks and CI/CD security scanning using tools like TruffleHog to detect and block secrets before they are committed.

Can this skill help with Kubernetes security?

Yes, it includes detailed configurations for the External Secrets Operator to securely sync secrets from external providers directly into Kubernetes clusters.

Secrets Management & CI/CD Security

Name: Secrets Management & CI/CD Security
Author: HermeticOrmus

byHermeticOrmus

•

Seguridad y Pruebas

Implements secure secrets handling for CI/CD pipelines using industry-standard tools like Vault, AWS Secrets Manager, and platform-native solutions.

Acerca de

This skill provides a robust framework for managing sensitive credentials, API keys, and certificates within your software development lifecycle. It offers specialized patterns for integrating HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and Google Secret Manager into CI/CD workflows. By leveraging this skill, developers can eliminate hardcoded secrets, implement automated rotation, and establish least-privilege access controls, ensuring that sensitive data remains encrypted and audited across GitHub Actions, GitLab CI, and Kubernetes environments.

Características Principales

Automated secret scanning and leak prevention (TruffleHog)
2 GitHub stars
Platform-native secret handling for GitHub and GitLab
Kubernetes External Secrets Operator configuration
Multi-cloud integration (AWS, Azure, GCP, and HashiCorp Vault)
Automated secret rotation and management patterns

Casos de Uso

Securing database credentials within GitHub Actions or GitLab CI/CD
Implementing centralized secret management with HashiCorp Vault
Setting up automated secret scanning to prevent credential leaks in repositories

Acerca de

Características Principales

Automated secret scanning and leak prevention (TruffleHog)
2 GitHub stars
Platform-native secret handling for GitHub and GitLab
Kubernetes External Secrets Operator configuration
Multi-cloud integration (AWS, Azure, GCP, and HashiCorp Vault)
Automated secret rotation and management patterns

Casos de Uso

Securing database credentials within GitHub Actions or GitLab CI/CD
Implementing centralized secret management with HashiCorp Vault
Setting up automated secret scanning to prevent credential leaks in repositories