creating-secrets-using-best-practices
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- Infrastructure Best Practices: The skill follows standard AWS security recommendations by enforcing KMS encryption with service-scoped policies (kms:ViaService) and mandating encrypted transport (aws:SecureTransport).
- Least-Privilege IAM Configuration: The procedures include specific instructions to generate scoped IAM policies that limit access to specific ARNs, reducing the risk of accidental over-permissioning.
- Secrets Management: The skill explicitly instructs the agent not to log or display secret values in outputs, which is a critical safety measure for handling sensitive data.
- Monitoring and Auditing: Mandatory integration with CloudTrail and CloudWatch for monitoring secret access and rotation failures ensures high visibility into security events.
Audit Metadata