Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Score: 78
Does it follow best practices? 56%
Impact: 92%
1.12x average score across 6 eval scenarios
Advisory: suggest reviewing before use
Optimize this skill with Tessl: npx tessl skill review --optimize ./plugins/cicd-automation/skills/secrets-management/SKILL.md

GitHub Actions Vault integration

| Check | Score 1 | Score 2 |
|---|---|---|
| Vault action version | 0% | 100% |
| kv-v2 path format | 100% | 100% |
| Secret masking | 100% | 100% |
| GitHub environment scoping | 100% | 100% |
| No hardcoded secrets | 100% | 100% |
| VAULT_TOKEN reference | 100% | 100% |
| Database credentials retrieved | 100% | 100% |
| Payment API key retrieved | 100% | 100% |
| Secrets requirements documented | 100% | 100% |
| Main branch trigger | 100% | 100% |
Secret scanning setup

| Check | Score 1 | Score 2 |
|---|---|---|
| TruffleHog in pre-commit | 0% | 0% |
| Docker invocation pattern | 0% | 0% |
| Commit blocking on failure | 0% | 0% |
| GitLab secret-scan job | 100% | 100% |
| TruffleHog in CI | 0% | 100% |
| allow_failure: false | 100% | 100% |
| Security stage placement | 100% | 100% |
| Hook executable | 0% | 0% |
| Installation documented | 55% | 100% |
| False positive guidance | 100% | 100% |
Kubernetes External Secrets Operator

| Check | Score 1 | Score 2 |
|---|---|---|
| ESO apiVersion | 100% | 100% |
| SecretStore kind | 100% | 100% |
| ExternalSecret kind | 100% | 100% |
| refreshInterval set | 100% | 100% |
| creationPolicy Owner | 100% | 100% |
| Correct secret target | 100% | 100% |
| Both fields mapped | 100% | 100% |
| AWS credentials action version | 100% | 100% |
| No hardcoded AWS credentials | 100% | 100% |
| Production namespace | 100% | 100% |
| Architecture documented | 100% | 100% |
| Ownership model explained | 100% | 100% |
GitLab CI Vault integration

| Check | Score 1 | Score 2 |
|---|---|---|
| vault:latest image | 0% | 100% |
| VAULT_ADDR exported | 80% | 100% |
| VAULT_TOKEN exported | 50% | 100% |
| vault kv get retrieval | 0% | 100% |
| Database password field | 75% | 100% |
| API key field | 75% | 100% |
| No hardcoded secrets | 100% | 100% |
| Protected variable explained | 100% | 100% |
| Masked variable explained | 100% | 100% |
| Environment-specific secrets | 100% | 100% |
| apk dependencies | 100% | 100% |
AWS Secrets Manager with Terraform and GitHub Actions

| Check | Score 1 | Score 2 |
|---|---|---|
| Terraform data source type | 100% | 100% |
| jsondecode password extraction | 100% | 100% |
| Correct secret_id | 100% | 100% |
| configure-aws-credentials version | 100% | 100% |
| AWS credentials from secrets | 100% | 100% |
| get-secret-value CLI flags | 100% | 100% |
| Secret masking | 100% | 100% |
| No hardcoded credentials | 100% | 100% |
| IAM permissions documented | 100% | 100% |
| Least privilege noted | 100% | 100% |
Automated secret rotation

| Check | Score 1 | Score 2 |
|---|---|---|
| boto3 secretsmanager client | 100% | 100% |
| get_secret_value call | 100% | 100% |
| json.loads on SecretString | 100% | 100% |
| Username preserved | 100% | 100% |
| put_secret_value call | 100% | 100% |
| Correct secret ID used | 100% | 100% |
| Manual rotation steps | 66% | 66% |
| Audit logging explained | 100% | 100% |
| Short-lived tokens recommended | 100% | 100% |
| lambda_handler signature | 100% | 100% |
| No hardcoded passwords | 100% | 100% |
70444e5