secrets

Installation

SKILL.md

Secrets Management

Core Rules

NEVER hardcode secrets, API keys, OAuth2 client IDs/secrets, tokens, passwords, or credentials in source code
ALWAYS store secrets in .env files (or platform-native equivalents like local.properties, .xcconfig)
ALWAYS load secrets from environment variables at runtime
ALWAYS add .env to .gitignore before first commit
ALWAYS provide a .env.example documenting required variables (with empty values)

Workflow

When Writing Code That Uses Secrets

Installs

13

Repository

alfredang/skills

GitHub Stars

2

First Seen

Feb 19, 2026

Security Audits

Gen Agent Trust HubPass

secrets — alfredang/skills