Can I automate secret rotation with this skill?

Yes, it covers automated rotation patterns using AWS Lambda and manual rotation processes to help maintain high security standards and compliance.

What is secrets management in CI/CD?

Secrets management is the practice of using specialized tools to store and inject sensitive data like API keys and passwords into automation pipelines, ensuring they are never hardcoded in the repository.

How do I prevent secrets from being committed to Git?

The skill includes guidance on using secret scanning tools like TruffleHog as pre-commit hooks or CI/CD steps to detect and block secrets before they enter the codebase.

Does this skill support AWS Secrets Manager?

Yes, it provides implementation patterns for AWS Secrets Manager, including CLI usage, GitHub Actions integration, and Terraform data source examples.

CI/CD Secrets Management

Name: CI/CD Secrets Management
Author: HermeticOrmus

byHermeticOrmus

Deployment & DevOps

Implements secure credential handling and automated rotation patterns for CI/CD pipelines using Vault, AWS Secrets Manager, and native platform tools.

About

This skill provides specialized guidance for securing sensitive information within automated deployment workflows. It offers implementation patterns for industry-standard tools like HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault, ensuring that API keys, database credentials, and certificates are never hardcoded in source control. By incorporating secret scanning, automated rotation, and least-privilege access controls, this skill enables developers to build secure, production-grade CI/CD pipelines that mitigate the risk of credential leakage and comply with security best practices.

Key Features

Automated secret rotation logic for cloud-native services
Pre-commit and CI/CD secret scanning configuration using TruffleHog
0 GitHub stars
Native secret management for GitHub Actions and GitLab CI/CD
Kubernetes integration via External Secrets Operator
Integration patterns for HashiCorp Vault, AWS, Azure, and Google Secret Manager

Use Cases

Implementing automated password rotation for AWS RDS instances
Securing database credentials and API keys in GitHub Actions or GitLab CI
Synchronizing centralized Vault secrets with Kubernetes clusters

About

Key Features

Automated secret rotation logic for cloud-native services
Pre-commit and CI/CD secret scanning configuration using TruffleHog
0 GitHub stars
Native secret management for GitHub Actions and GitLab CI/CD
Kubernetes integration via External Secrets Operator
Integration patterns for HashiCorp Vault, AWS, Azure, and Google Secret Manager

Use Cases

Implementing automated password rotation for AWS RDS instances
Securing database credentials and API keys in GitHub Actions or GitLab CI
Synchronizing centralized Vault secrets with Kubernetes clusters