MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Secrets Management

Secrets Management is an code AI skill with a core value of Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD ...

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level High
mkdir -p ./skills/secrets-management && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/secrets-management/SKILL.md -o ./skills/secrets-management/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# Secrets Management


Secure secrets management practices for CI/CD pipelines using Vault, AWS Secrets Manager, and other tools.


Purpose


Implement secure secrets management in CI/CD pipelines without hardcoding sensitive information.


Use this skill when


- Store API keys and credentials

- Manage database passwords

- Handle TLS certificates

- Rotate secrets automatically

- Implement least-privilege access


Do not use this skill when


- You plan to hardcode secrets in source control

- You cannot secure access to the secrets backend

- You only need local development values without sharing


Instructions


1. Identify secret types, owners, and rotation requirements.

2. Choose a secrets backend and access model.

3. Integrate CI/CD or runtime retrieval with least privilege.

4. Validate rotation and audit logging.


Safety


- Never commit secrets to source control.

- Limit access and log secret usage for auditing.


Secrets Management Tools


HashiCorp Vault

- Centralized secrets management

- Dynamic secrets generation

- Secret rotation

- Audit logging

- Fine-grained access control


AWS Secrets Manager

- AWS-native solution

- Automatic rotation

- Integration with RDS

- CloudFormation support


Azure Key Vault

- Azure-native solution

- HSM-backed keys

- Certificate management

- RBAC integration


Google Secret Manager

- GCP-native solution

- Versioning

- IAM integration


HashiCorp Vault Integration


Setup Vault


bash
# Start Vault dev server
vault server -dev

# Set environment
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='root'

# Enable secrets engine
vault secrets enable -path=secret kv-v2

# Store secret
vault kv put secret/database/config username=admin password=secret

GitHub Actions with Vault


yaml
name: Secrets Management

on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Import Secrets from Vault
      uses: hashicorp/vault-action@v2
      with:
        url: https://vault.example.com:8200
        token: ${{ secrets.VAULT_TOKEN }}
        secrets: |
          secret/data/database username | DB_USERNAME ;
          secret/data/database password | DB_PASSWORD ;
          secret/data/api key | API_KEY

    - name: Use secrets
      run: |
        echo "Connecting to database as $DB_USERNAME"
        # Use $DB_PASSWORD, $API_KEY

GitLab CI with Vault


yaml
deploy:
  image: vault:latest
  before_script:
    - export VAULT_ADDR=https://vault.example.com:8200
    - export VAULT_TOKEN=$VAULT_TOKEN
    - apk add curl jq
  script:
    - |
      DB_PASSWORD=$(vault kv get -field=password secret/database/config)
      API_KEY=$(vault kv get -field=key secret/api/credentials)
      echo "Deploying with secrets..."
      # Use $DB_PASSWORD, $API_KEY

**Reference:** See `references/vault-setup.md`


AWS Secrets Manager


Store Secret


bash
aws secretsmanager create-secret \
  --name production/database/password \
  --secret-string "super-secret-password"

Retrieve in GitHub Actions


yaml
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-west-2

- name: Get secret from AWS
  run: |
    SECRET=$(aws secretsmanager get-secret-value \
      --secret-id production/database/password \
      --query SecretString \
      --output text)
    echo "::add-mask::$SECRET"
    echo "DB_PASSWORD=$SECRET" >> $GITHUB_ENV

- name: Use secret
  run: |
    # Use $DB_PASSWORD
    ./deploy.sh

Terraform with AWS Secrets Manager


hcl
data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = "production/database/password"
}

resource "aws_db_instance" "main" {
  allocated_storage    = 100
  engine              = "postgres"
  instance_class      = "db.t3.large"
  username            = "admin"
  password    

🎯 Best For

  • Claude users
  • Software engineers
  • Development teams
  • Tech leads

💡 Use Cases

  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Secrets Management to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Is Secrets Management compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Secrets Management?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Secrets Management?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/secrets-management/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills