- Home
- Skills
- Autumnsgrove
- Groveengine
- Secrets Management
secrets-management_skill
- TypeScript
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill autumnsgrove/groveengine --skill secrets-management- SKILL.md3.0 KB
Overview
This skill manages API keys, credentials, and other sensitive configuration using a secrets.json pattern with environment variable fallbacks. It is designed for multi-tenant TypeScript projects and prevents committing secrets while providing a clear onboarding template. The goal is to centralize secret loading, support CI/CD, and reduce accidental exposure of credentials.
How this skill works
The skill expects a secrets.json file for local secrets plus a secrets_template.json committed as a reference. At runtime the loader reads secrets.json and falls back to environment variables when keys are absent or in CI. It enforces adding secrets.json to .gitignore and encourages rotating keys and avoiding logs that reveal secrets.
When to use it
- When adding API keys or service credentials for external integrations
- During local setup to keep secrets out of source control
- When implementing CI/CD pipelines that use environment variables
- When migrating .env-based workflows to a structured secrets file
- Before deploying to production to ensure secret fallbacks are defined
Best practices
- Never hardcode keys in source; use secrets.json or env vars
- Commit only a secrets_template.json with placeholders
- Add secrets.json and .env to .gitignore immediately
- Implement environment variable fallbacks for CI and deploys
- Rotate keys when team membership changes and avoid logging full keys
Example use cases
- Local developer onboarding: copy secrets_template.json to secrets.json and fill values
- CI setup: provide credentials via environment variables instead of committing secrets
- Third-party API integrations: load provider keys from secrets.json with env fallback
- Staging vs production: use secrets.json locally and secure env vars in production
- Automated tests: stub secrets during test runs using environment variables
FAQ
The loader will use environment variable fallbacks; ensure CI sets required env vars.
Should I commit secrets_template.json?
Yes. Commit the template with placeholders to document required keys without exposing real values.