secrets-management
Installation
SKILL.md
Secrets Management Skill
Purpose
Ensure secure handling of sensitive credentials, API keys, tokens, and cryptographic keys throughout development and deployment lifecycle across all Hack23 projects. Enforces zero-tolerance for hardcoded secrets.
Rules
Golden Rules
MUST:
- Use environment variables or secrets managers for all credentials
- Use GitHub Actions secrets for CI/CD credentials
- Include
.env,*.key,*.pem,*.p12in.gitignore - Rotate secrets on a defined schedule (quarterly minimum)
- Use pre-commit hooks to detect secrets before they reach the repository
- Log all secret access and rotation events
- Immediately rotate any secret suspected of compromise