Implements secure, simplified secrets management using a one-secret-per-service pattern and account-based environment isolation.
This skill provides opinionated guidance for architecting cloud secrets and application configuration, focusing on reducing infrastructure complexity. It advocates for a single JSON blob per service, customer-managed KMS encryption, and role-based database access, ensuring that environment configuration remains consistent across development and production accounts. By separating infrastructure wiring from application secrets, teams can update configurations without complex infrastructure-as-code cycles while maintaining high security through SSO-integrated database access and decryption audit trails.
Key Features
1. One-secret-per-service JSON blob architecture
2. Customer-managed KMS encryption standards
3. Account-based environment isolation for consistent paths
4. Role-based database user management and naming
5. Decoupled configuration updates from Terraform runs
6. 9 GitHub stars
Use Cases
1. Migrating from fragmented parameter/secret stores to a unified pattern
2. Setting up secure, role-based database access for services and developers
3. Architecting a new SaaS application's secret storage strategy