From chainenv
Operate the `chainenv` CLI for local secret workflows across macOS Keychain, Linux keyring, and optional 1Password integration. Use when requests mention `chainenv`, `.chainenv.toml`, `chainenv.toml`, keychain vs 1Password, shell export generation, copying secrets between backends, or troubleshooting backend availability and `op` token loading.
Slash command: `/chainenv:chainenv`
Use this skill when the user wants to work with the installed `chainenv` CLI. This skill is for operating the product, not for changing its source code.
- `chainenv` must be installed and available on `PATH`.
- `chainenv diag` to confirm backend availability on the current machine.
- `op` CLI must be installed. Authentication can come from an active `op` session or from `OP_SERVICE_ACCOUNT_TOKEN`.
- `references/auth.md` for `.chainenv.toml` layout and token-loading behavior.

Use this skill for:

- `get` or `get-env`
- `set` and `update`
- `.chainenv.toml` affects provider selection and default fallbacks

Read `references/commands.md` when you need exact command forms.
Read `references/usage.md` when you need workflow guidance or troubleshooting.
- `chainenv diag`.
- `ls`, `list`, `get`, or `get-env`.
- `chainenv ls` to list all stored accounts in the selected backend.
- `chainenv list` to list keys declared in config.
- `chainenv get <KEY>` for one secret.
- `chainenv get-env ... --shell <shell>` for multi-key shell exports.
- `chainenv get-env --shell <shell>` with no keys only when config files define the keys to load.
- `chainenv set` to create a secret and register it in config.
- `chainenv update` to change an existing secret.
- `chainenv copy` or `chainenv cp` to move secrets between backends.

Prefer `--shell fish|bash|zsh` for new examples. The legacy `--fish`, `--bash`, and `--zsh` flags still work when matching older user setups.
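The prerequisites listed above (`chainenv` on `PATH`, `op` installed, authentication from a session or from `OP_SERVICE_ACCOUNT_TOKEN`) can be checked before any secret is read. The function below is an added example, not part of chainenv or of this skill; the name `chainenv_preflight` and its return codes are hypothetical, and it assumes `op whoami` exits non-zero when there is no active session.

```shell
# Added example (hypothetical helper, not shipped with chainenv).
# Prints one status line per prerequisite and returns:
#   0 = chainenv found, op found, and an auth source is visible
#   1 = chainenv is not on PATH
#   2 = op is not on PATH (1Password workflows unavailable)
#   3 = op found, but no token or session is visible in this shell
chainenv_preflight() {
    if ! command -v chainenv >/dev/null 2>&1; then
        echo "chainenv: missing from PATH"
        return 1
    fi
    echo "chainenv: found"

    if ! command -v op >/dev/null 2>&1; then
        echo "op: missing from PATH"
        return 2
    fi
    echo "op: found"

    # Report only whether the token is set; never print its value,
    # so the output is safe to paste into logs or tickets.
    if [ -n "${OP_SERVICE_ACCOUNT_TOKEN:-}" ]; then
        echo "op auth: OP_SERVICE_ACCOUNT_TOKEN is set"
        return 0
    fi

    # Assumption: `op whoami` fails when nobody is signed in.
    if op whoami >/dev/null 2>&1; then
        echo "op auth: active session"
        return 0
    fi

    # Not fatal by itself: the token may still be loaded from config.
    echo "op auth: no session, OP_SERVICE_ACCOUNT_TOKEN unset in this shell"
    return 3
}
```

A return of 3 is not conclusive, because the token may still be loaded from config; follow it with `chainenv diag`.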
- `chainenv diag` shows the keychain backend unavailable, the host may not support the selected backend or the keyring service is missing.
- `op` on `PATH`, signed-in state, and whether `OP_SERVICE_ACCOUNT_TOKEN` is set or can be loaded from config.
- `get-env` without explicit keys prints `No config found` or `No keys found`, switch to explicit key arguments or fix the config file.
- `default` values in config are plaintext fallbacks, not encrypted secrets.
- `chainenv --help` and subcommand help over stale documentation when they differ.

`npx claudepluginhub dvcrn/chainenv --plugin chainenv`

Guides 1Password CLI (op) integration for secret management in dev workflows with .op.env files, Makefile/Docker Compose/Kamal/CI patterns for infrastructure, deployments, local dev.
Manages full lifecycle of secrets and environment variables: decides placement (constant, .env, CI secret, env var), scaffolds .env.example/.gitignore, add/update/rotate/remove/migrate/audit/provision across envs. Language-agnostic.
Manages environment variables and secrets in Claude Code sessions without exposing values. Validates, loads, and audits secrets while keeping them out of logs, diffs, and assistant context.