14
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill terrylica/cc-skills --skill doppler-workflows- AWS_SPECIFICATION.yaml6.9 KB
- AWS_WORKFLOW.md10.6 KB
- PYPI_REFERENCE.yaml19.0 KB
- SKILL.md4.6 KB
Overview
This skill provides credential and publishing workflows that use Doppler to inject and manage secrets for PyPI publishing, AWS operations, and multi-service credential patterns. It codifies safe CLI patterns, rotation guidance, and quick troubleshooting to avoid common authentication failures. The content is focused on practical commands, testing, and configuration options for CI and local development.
How this skill works
The skill inspects workflow patterns and recommends using doppler run --project <project> --config <config> --command='<command>' so secrets are injected before shell expansion. It documents concrete examples for publishing to PyPI and running AWS commands, plus alternatives like mise [env] for per-directory or persistent local credentials. Troubleshooting entries map common errors to focused fixes and rotation steps.
When to use it
- Publishing Python packages to PyPI from local or scripted environments
- Running AWS CLI commands or automations that require temporary credentials
- Rotating or rotating-checking access keys for AWS and other services
- Setting up credential injection patterns in CI/CD or local development
- Managing multi-token or multi-account credential strategies
Best practices
- Always use --command flag with doppler run so variables expand after injection
- Prefer project-scoped tokens (for PyPI) and short-lived credentials where possible
- Rotate credentials regularly (recommend ~90 days) and automate updates in Doppler
- Validate injection before use (e.g., echo ${#VAR} to test length)
- Store secrets via stdin and use Doppler notes for audit/context (doppler secrets notes set)
Example use cases
- Publish a package to PyPI: doppler run --project claude-config --config dev --command='uv publish --token "$PYPI_TOKEN"'
- List S3 buckets with injected AWS creds: doppler run --project aws-credentials --config dev --command='aws s3 ls --region $AWS_DEFAULT_REGION'
- Local dev with persistent per-directory creds: configure .mise.toml and use mise [env] to cache Doppler secrets
- Rotate an AWS access key and update Doppler, then verify by running an aws sts get-caller-identity command via doppler run
- Set up multi-account tokens using deterministic names like SERVICE_TOKEN_{ABBREV} and document intent with Doppler notes
FAQ
--command ensures Doppler injects secrets before any shell performs variable expansion, preventing empty values and accidental leakage in the environment.
When should I use mise [env] instead of doppler run?
Use mise [env] for per-directory, persistent credential configurations or multi-account GitHub setups. Use doppler run for CI, single-command scopes, or when you want credentials cleared after command execution.