gcp-production-secret-handler
gcp-production-secret-handler
This skill implements the secure pattern for secret handling used in the dev-signal agent. It ensures sensitive credentials (API keys, client secrets) are fetched from Google Secret Manager directly into local memory, avoiding global environment variables that can be leaked through logs or traces.
Usage
Ask Antigravity to:
- "Implement secure secret handling for my production agent"
- "Use the dev-signal secret pattern"
- "Fetch secrets from Secret Manager into a dictionary"
The Pattern
- Local Dev: Uses a
.envfile for fast iteration. - Production: Uses the
google-cloud-secret-managerSDK to fetch specific versions of secrets. - Isolation: Secrets are stored in a Python dictionary (
SECRETS) and passed as explicit parameters to toolset constructors or agent initializers. - No global env injection: Avoids using
os.environ[secret_id] = value.
Python Boilerplate
More from googlecloudplatform/devrel-demos
go-backend-dev
Specialist in implementing robust HTTP services and APIs in Go. Activates for "endpoint", "handler", "API", "server".
41go-reviewer
Expert code reviewer focusing on idiomatic Go, concurrency safety, and clean code principles. Activates for "review", "idiomatic", "refactor".
41go-architect
Expert in Go project scaffolding, standard layout compliance, and dependency management. Activates for "new project", "structure", "layout".
36go-test-expert
Expert in Go testing patterns, table-driven tests, httptest, benchmarking, and fuzzing. Activates for "test", "fail", "benchmark", "debug", "fuzz".
35latest-software-version
>
34go-project-setup
>
26