secrets-management
Installation
SKILL.md
OCI Vault and Secrets Management
NEVER Do This
❌ NEVER set temp key file permissions AFTER writing content
# WRONG - world-readable during write (security window exists)
with open('/tmp/key.pem', 'w') as f:
f.write(private_key)
os.chmod('/tmp/key.pem', 0o600) # Too late — race condition!
# RIGHT - secure BEFORE writing
fd = os.open('/tmp/key.pem', os.O_CREAT | os.O_WRONLY, 0o600)
with os.fdopen(fd, 'w') as f:
f.write(private_key)