freeskillv2.0.0✓ verified
secrets-management
Handle secrets safely across the lifecycle — keep them out of source, load from env or a secret manager, scope to least privilege, encrypt in transit and at rest, rotate on a schedule, and respond fast when one leaks. Deep reference with runbooks, examples, and a runnable leak scanner.
$npx vanara install secrets-management
Free & open source (Apache-2.0) — view the source on GitHub.
Overview
A secret committed to source control is already compromised — assume it is public the moment it lands in history, even on a private repo. Git history, CI logs, container layers, backups, and forks all retain it. The only safe response is rotation, not deletion. This skill is the deep reference for keeping secrets out of code, supplying them safely at runtime, and reacting correctly when one escape
What it covers
- Keep secrets out of source
- Environment variables vs secret managers
- Least privilege & short-lived credentials
- Encryption in transit and at rest
- Rotation
- Leak Response — The First Hour
- Secret Managers — Env Vars vs Vault vs Cloud KMS