secrets-management

Secrets Management Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "secrets-management" with this command: npx skills add hack23/homepage/hack23-homepage-secrets-management

Purpose

Ensure secure handling of sensitive credentials, API keys, tokens, and cryptographic keys throughout the development and deployment lifecycle across all Hack23 projects. This skill enforces zero tolerance for hardcoded secrets.

Rules

Golden Rules

MUST:

  • Use environment variables or secrets managers for all credentials

  • Use GitHub Actions secrets for CI/CD credentials

  • Include .env, *.key, *.pem, *.p12 in .gitignore

  • Rotate secrets on a defined schedule (quarterly minimum)

  • Use pre-commit hooks to detect secrets before they reach the repository

  • Log all secret access and rotation events

  • Immediately rotate any secret suspected of compromise

MUST NOT:

  • Hard-code secrets, credentials, API keys, or tokens in source code

  • Commit .env files, private keys, or certificates to git

  • Store secrets in comments, documentation, or issue descriptions

  • Share secrets via email, chat, or unencrypted channels

  • Use the same secret across multiple environments

  • Use default or well-known credentials in any environment
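The MUST and MUST NOT rules above, as an added Python example that is not Hack23's own code: a fail-closed loader that reads a credential only from the environment (which is where a CI secret or a secrets-manager integration injects it), refuses well-known default values, logs each access by name and never by value, plus a check that flags the same secret reused across environments. The default-value denylist, function names and sample values are constructed for the example.

```python
"""Fail-closed secret loading (added example; not Hack23's code).

Demonstrates three of the golden rules: credentials come only from the
environment, well-known default values are refused outright, and every
access is logged by name without ever writing the value itself.
"""
import logging
import os
from hashlib import sha256
from typing import Dict, List, Mapping, Optional, Tuple

logger = logging.getLogger("secrets")

# Constructed denylist of defaults that must never be accepted in any environment.
WELL_KNOWN_DEFAULTS = {"", "password", "changeme", "admin", "secret", "123456", "letmein"}


class SecretError(RuntimeError):
    """Raised when a required secret is missing or unacceptable."""


def load_secret(name: str, env: Optional[Mapping[str, str]] = None) -> str:
    """Return the secret called `name` from `env` (defaults to os.environ).

    Refuses to start on a missing or well-known value instead of silently
    falling back, and logs the access event (name only, never the value).
    """
    source = os.environ if env is None else env
    value = source.get(name)
    if value is None:
        raise SecretError(f"{name} is not set; refusing to start without it")
    if value.strip().lower() in WELL_KNOWN_DEFAULTS:
        raise SecretError(f"{name} is set to a well-known default value")
    logger.info("secret access name=%s", name)
    return value


def reused_across_environments(
    envs: Mapping[str, Mapping[str, str]], name: str
) -> List[Tuple[str, str]]:
    """Return (earlier_env, later_env) pairs whose value for `name` is identical.

    Values are compared by SHA-256 digest so the result can be reported
    without including the values; environments where `name` is unset are skipped.
    """
    seen: Dict[str, str] = {}
    reused: List[Tuple[str, str]] = []
    for env_name, env in envs.items():
        value = env.get(name)
        if value is None:
            continue
        digest = sha256(value.encode()).hexdigest()
        if digest in seen:
            reused.append((seen[digest], env_name))
        else:
            seen[digest] = env_name
    return reused


if __name__ == "__main__":
    # Constructed sample: the same database password in dev and prod.
    sample = {
        "dev": {"DB_PASSWORD": "constructed-dev-value"},
        "staging": {"DB_PASSWORD": "constructed-staging-value"},
        "prod": {"DB_PASSWORD": "constructed-dev-value"},
    }
    print("reused:", reused_across_environments(sample, "DB_PASSWORD"))
```

`load_secret` deliberately has no default argument for the value: a missing secret is a startup failure, not something to paper over. The reuse check takes exported configuration per environment (for example the non-secret names with values pulled from each environment's store) and reports only the environment pairs, so its output can go into a ticket without leaking anything.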

Secret Types and Storage

Secret Type            Recommended Storage                    Rotation
API Keys               GitHub Secrets / AWS Secrets Manager   Quarterly
Database Credentials   AWS Secrets Manager / Vault            Quarterly
JWT Signing Keys       AWS Secrets Manager                    Annually
TLS Certificates       AWS Certificate Manager                Auto-renewed
Encryption Keys        AWS KMS                                Annually
Service Tokens         GitHub Secrets                         Quarterly

Detection and Prevention

Pre-commit scanning:

  • Use git-secrets, gitleaks, or trufflehog for automated detection

  • GitHub Secret Scanning alerts must be enabled on all repositories

  • Block push if secrets are detected

CI/CD scanning:

  • Enable GitHub Advanced Security secret scanning

  • Run gitleaks in CI pipeline

  • Fail builds on secret detection
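The pre-commit and CI checks above, together with the .gitignore rule under Golden Rules, as an added Python example that is not Hack23's tooling and is no substitute for gitleaks or trufflehog: a minimal scanner that recognises a few publicly documented credential formats, treats lines that read a secret from the environment as the approved pattern rather than a finding, verifies that .gitignore covers the required patterns, and returns a non-zero status so that a hook or pipeline step blocks the change. The rule set, function names and sample files are constructed; the AWS key in the sample is the example value used in AWS documentation.

```python
"""Minimal secret scanner for a pre-commit hook or CI step (added example;
not Hack23's tooling).  gitleaks and trufflehog ship far larger rule sets
and entropy checks; the point here is the shape of the control: detect,
report location and rule (never the value), and fail closed.
"""
import re
import sys
from typing import Dict, List, Tuple

# Rule name -> pattern.  These are publicly documented credential formats.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private-key": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----"
    ),
    "generic-credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9/+_\-]{12,}"
    ),
}

# A line that reads the secret from the environment is the approved pattern.
INDIRECT_REFERENCE = re.compile(r"os\.environ|process\.env|\$\{?[A-Z][A-Z0-9_]*\}?")

# Patterns that MUST appear in .gitignore per the golden rules.
REQUIRED_IGNORES = {".env", "*.key", "*.pem", "*.p12"}

Finding = Tuple[str, int, str]  # (path, line number, rule name)


def scan_text(path: str, text: str) -> List[Finding]:
    """Return one finding per offending line; the matched value is never stored."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if INDIRECT_REFERENCE.search(line):
            continue
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, lineno, rule))
                break
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> content (e.g. the staged files of a commit)."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def missing_gitignore_patterns(gitignore_text: str) -> List[str]:
    """Return required ignore patterns that are absent from the given .gitignore."""
    present = {
        line.strip()
        for line in gitignore_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    return sorted(REQUIRED_IGNORES - present)


def run_check(files: Dict[str, str], gitignore_text: str) -> int:
    """Exit status for a hook or pipeline step: 0 clean, 1 block the change."""
    status = 0
    for path, lineno, rule in scan_files(files):
        print(f"BLOCKED {path}:{lineno}: {rule}")
        status = 1
    for pattern in missing_gitignore_patterns(gitignore_text):
        print(f"BLOCKED .gitignore: missing required pattern {pattern}")
        status = 1
    return status


# Constructed sample input standing in for the staged files of a commit.
SAMPLE_FILES = {
    "config.py": (
        "import os\n"
        "DB_PASSWORD = os.environ['DB_PASSWORD']\n"  # approved: indirect reference
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"  # AWS documentation example key
        "GITHUB_TOKEN = 'ghp_0123456789abcdefghijklmnopqrstuvwxyz'\n"  # constructed
    ),
    "deploy.sh": 'export API_KEY="${API_KEY}"\n',  # approved: expands a CI secret
    "id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n-----END OPENSSH PRIVATE KEY-----\n",
}
SAMPLE_GITIGNORE = "# constructed\n.env\n*.pem\n"

if __name__ == "__main__":
    sys.exit(run_check(SAMPLE_FILES, SAMPLE_GITIGNORE))
```

Wired into a pre-commit hook the script would be fed the staged file contents and the repository's .gitignore; in CI the same `run_check` return value is what makes the job fail. Findings carry only path, line and rule name, so the hook's output can be pasted into a ticket without re-exposing the secret.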

Incident Response for Exposed Secrets

  • Immediately rotate the compromised secret

  • Revoke old secret from all systems

  • Review access logs for unauthorized use

  • Notify security team

  • Document incident per Incident Response Plan

Hack23 ISMS Policy References

  • Cryptography Policy

  • Access Control Policy

  • Secure Development Policy

  • Incident Response Plan

Compliance Mapping

  • ISO 27001:2022: A.8.4 (Access to Source Code), A.8.24 (Cryptography)

  • NIST CSF 2.0: PR.AC-1 (Credentials), PR.DS-5 (Data Leak Protection)

  • CIS Controls v8.1: Control 3.11 (Encrypt Sensitive Data), Control 4.7 (Manage Credentials)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
