- Home
- Skills
- Rknall
- Claude Skills
- Secrets Manager
secrets-manager_skill
31
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill rknall/claude-skills --skill secrets-manager- migration-guide.md15.9 KB
- README.md9.9 KB
- secrets-patterns.md13.5 KB
- SKILL.md15.7 KB
Overview
This skill manages Docker secrets for GitLab stack projects, ensuring secrets are never stored in .env or docker-compose.yml and are securely integrated with Docker secrets. It enforces a ./secrets directory with strict permissions, validates compose and git safety, and helps migrate environment variables into proper Docker secrets. Use it to create, rotate, audit, or validate secret configuration and to fix secret-related security issues.
How this skill works
The skill scans project files (.env, docker-compose.yml, ./secrets, .gitignore, and git history) to detect exposures, permission problems, and unused or missing secrets. It can create secure secret files in ./secrets with correct ownership and permissions, update docker-compose.yml to reference secrets, generate docker-entrypoint.sh when containers lack native secret support, and produce validation or audit reports with actionable remediation steps. It never reveals secret values and highlights critical issues for immediate remediation.
When to use it
- Create new Docker secrets or generate cryptographically secure values
- Migrate secrets found in .env or docker-compose.yml environment vars
- Validate secret directory, file permissions, and Docker integration
- Audit secret usage, find leaks, or check git for committed secrets
- Rotate or remove obsolete secrets and verify services still work
Best practices
- Always keep secrets in ./secrets with directory mode 700 and files mode 600
- Never store plaintext secrets in .env or docker-compose.yml environment sections
- Ensure ./secrets/* is listed in .gitignore and verify nothing is tracked in git
- Use Docker secrets mechanism; only add docker-entrypoint.sh when native _FILE support is missing
- Generate secrets with cryptographically secure tools (openssl, /dev/urandom, uuidgen)
- Verify ownership is not root and test service access after any migration or rotation
Example use cases
- Scan a project to detect secrets in .env and produce a migration plan
- Create db_password and api_key files in ./secrets, update compose, and set permissions
- Audit secrets to find unused entries and recommend cleanup or rotation
- Generate a 64-character JWT secret and store it securely with correct permissions
- Create docker-entrypoint.sh for a container that requires env vars but lacks _FILE support
FAQ
No. The skill redacts secret values and only reports presence, metadata, and remediation steps.
What file modes and ownership are required?
The ./secrets directory must be mode 700, individual secret files mode 600, and files should not be owned by root.