secrets-management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Install with Tessl CLI

npx tessl i github:wshobson/agents --skill secrets-management

What are skills?

Overall
score

82%

Review — 82%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Evaluation — 86%

↑ 1.12x

Agent success when using this skill

Validation — 14 / 16 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

12%

Secure Deployment Pipeline with HashiCorp Vault

GitHub Actions Vault integration

Criteria

Without context

With context

Vault action version

100%

kv-v2 path format

100%

Secret masking

100%

GitHub environment scoping

100%

No hardcoded secrets

100%

VAULT_TOKEN reference

100%

Database credentials retrieved

100%

Payment API key retrieved

100%

Secrets requirements documented

100%

Main branch trigger

100%

Without context: $0.2065 · 43s · 11 turns · 60 in / 2,352 out tokens

With context: $0.3301 · 1m 14s · 15 turns · 14 in / 3,357 out tokens

58%

12%

Preventing Secret Leakage in a Development Repository

Secret scanning setup

Criteria

Without context

With context

TruffleHog in pre-commit

Docker invocation pattern

Commit blocking on failure

GitLab secret-scan job

100%

TruffleHog in CI

100%

allow_failure: false

100%

Security stage placement

100%

Hook executable

Installation documented

78%

100%

False positive guidance

100%

Without context: $0.4784 · 1m 47s · 24 turns · 73 in / 5,675 out tokens

With context: $0.5524 · 1m 51s · 26 turns · 263 in / 6,081 out tokens

100%

Migrating Kubernetes Workloads to Dynamic Secret Injection

Kubernetes External Secrets Operator

Criteria

Without context

With context

ESO apiVersion

100%

SecretStore kind

100%

ExternalSecret kind

100%

refreshInterval set

100%

creationPolicy Owner

100%

Correct secret target

100%

Both fields mapped

100%

AWS credentials action version

100%

No hardcoded AWS credentials

70%

100%

Production namespace

100%

Architecture documented

100%

Ownership model explained

100%

Without context: $0.2141 · 1m 20s · 13 turns · 9 in / 3,597 out tokens

With context: $0.5712 · 1m 57s · 25 turns · 131 in / 6,733 out tokens

Evaluated: about 5 hours ago
Agent: Claude Code

Table of Contents

Secure Deployment Pipeline with HashiCorp Vault Preventing Secret Leakage in a Development Repository Migrating Kubernetes Workloads to Dynamic Secret Injection

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.