secrets-management
Installation
SKILL.md
Secrets Management
Concept of the skill
A secret is any value that grants access or trust: an API key, a database password, an OAuth client secret, a session-signing key, a TLS private key, an encryption key, a webhook signing secret. Secrets management is the discipline of governing each secret's entire lifecycle — generation, storage, distribution, use, rotation, revocation, and audit — so the value never lands anywhere it can be read by the wrong party.
The single hardest truth: a secret in source code is compromised the moment it is pushed. Even if you delete it in the next commit, it lives in the repository's history, in every clone, in CI caches, and possibly in a fork. Treat a committed credential as already leaked — rotate it, do not just remove it.