env-manager_skill

This skill validates and secures environment variables across Next.js, Vite, React, and Node.js projects, preventing leaks and simplifying CI/CD.
  • Python

13

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill bobmatnyc/claude-mpm-skills --skill env-manager

  • metadata.json655 B
  • SKILL.md15.4 KB

Overview

This skill provides environment variable validation, security scanning, and management focused on Next.js, Vite, React, Node.js, and Python apps. It prevents missing variables, accidental client-side secret exposure, and inconsistent .env files across environments. Designed for local development, CI/CD gates, and deployment platforms with no external dependencies.

How this skill works

The skill parses .env files and validates key=value structure, naming conventions, duplicates, and empty values. It applies framework-aware rules to detect client-exposed prefixes (NEXT_PUBLIC_, VITE_, REACT_APP_) and flags likely secrets. It can compare against .env.example, generate sanitized examples, and emit JSON for CI/CD with clear exit codes.

When to use it

  • Validate .env before pushing or deploying to catch missing or malformed variables
  • Run in CI/CD as a quality gate with --strict to treat warnings as errors
  • Scan for secrets accidentally placed in client-exposed variables (Next.js, Vite, CRA)
  • Generate .env.example to document required environment variables safely
  • Compare team .env files to .env.example during onboarding to ensure consistency

Best practices

  • Never commit .env files with secrets; use .env.example for documentation
  • Run validation in CI/CD pipelines to catch regressions before deploy
  • Use platform secret managers (Vercel, Railway, Heroku) for production secrets
  • Keep client-exposed variables strictly public/publishable and move secrets to server-side vars
  • Review generated .env.example and adjust placeholders if overly conservative

Example use cases

  • New developer onboarding: validate .env against .env.example and fill missing values
  • Pre-deployment check: run framework-specific validation (e.g., Next.js) with --strict
  • Security audit: scan .env.local to find secrets in NEXT_PUBLIC_ or VITE_ variables
  • CI quality gate: produce JSON output and fail pipeline if validation fails
  • Documentation: regenerate .env.example after adding new variables and commit it

FAQ

Next.js, Vite, React (CRA), Node.js/Express, and Flask/Python with generic mode for other setups.

Will it ever print secret values?

No. The tool never logs raw secret values and sanitizes outputs when generating .env.example.

How do I use it in CI?

Run the CLI with --json (and --strict if you want warnings to fail). Check exit codes: 0 success, 1 validation errors, 2 file not found, 3 warnings in strict mode.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational