From role-devops
Provides secrets management using HashiCorp Vault, AWS/GCP Secret Managers, SOPS, Kubernetes sealed secrets. Covers rotation policies, zero-trust injection, env vars, and CI/CD hardening.
How this skill is triggered — by the user, by Claude, or both
Slash command
/role-devops:secrets-management
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- Setting up or auditing a centralized secret store (Vault, cloud-native, or SOPS)
- references/vault-cloud-sops.md — Core principles, HashiCorp Vault HA/auto-unseal/KV v2/dynamic secrets/Kubernetes auth/audit backend, AWS Secrets Manager and GCP Secret Manager resource policies and rotation, SOPS encryption with KMS/PGP and Helm secrets plugin, Bitnami Sealed Secrets with kubeseal and key rotation schedule, rotation policy schedules by secret type (DB/API/TLS/SSH/tokens)
- references/injection-cicd.md — Zero-trust runtime injection patterns, Vault Agent Injector annotations, CSI Secret Store Driver SecretProviderClass, file-based injection preference rationale, startup env var validation pattern, GitHub Secrets and GitLab CI Variables scoping, OIDC federation for AWS and GCP from GitHub Actions/GitLab CI, CI log masking verification
- .env files excluded from version control
npx claudepluginhub rnavarych/alpha-engineer --plugin role-devops
Implements secure secrets management in CI/CD pipelines using Vault, AWS Secrets Manager, and other tools. Guides on storing, rotating, and auditing secrets without hardcoding.
Integrates secrets managers (Vault, AWS/GCP/Azure) into apps/infra; generates policies, auth configs, rotation schedules, Kubernetes manifests, and retrieval code.