secrets-management
Secrets Management Review
A structured, repeatable process for evaluating secrets management practices against the OWASP Secrets Management Cheat Sheet and NIST SP 800-57 Part 1 Rev. 5 (Recommendation for Key Management). The skill covers secret detection patterns, rotation automation, integration with HashiCorp Vault and cloud secrets managers, credential handling for agents, .env file exposure, and secrets leaked into git history. Every finding references a framework control, carries a severity rating, and comes with actionable remediation.
Important: This skill analyzes detection patterns and configuration practices. It never extracts, logs, or displays actual secret values. All regex patterns shown are for detection tooling configuration, not for secret extraction.
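The following scanner is an added example written for this review, not code from the skill or from any of the referenced frameworks. It shows the shape of detection tooling the skill is meant to configure: prefix-based rules for well-known credential formats, an entropy-gated generic rule for `password=`/`secret=` style assignments, a placeholder filter so `${VAR}` references are not reported, and de-duplication so a token matched by a prefix rule is not reported a second time by the generic rule. In keeping with the rule above, the matched value is never stored or printed; each finding carries only a SHA-256 fingerprint. The rule IDs, severities, entropy threshold and sample `.env` content are constructed assumptions for the example (the AWS key is AWS's own documentation placeholder).

```python
"""Secret detection over text, reporting redacted fingerprints only.

Added example for a secrets-management review. Rules, severities and the
entropy threshold are illustrative assumptions; the sample .env is constructed.
"""
import hashlib
import math
import re
from dataclasses import dataclass

REFERENCE = "OWASP Secrets Management Cheat Sheet (Detection)"

# (rule_id, severity, regex). Group 1 is the candidate secret. Prefix rules
# (AWS, GitHub, PEM header) are high confidence; the generic rule runs last and
# is gated by a Shannon-entropy check plus a placeholder filter.
RULES = [
    ("aws-access-key-id", "high",
     re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("github-pat", "high",
     re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b")),
    ("private-key-block", "critical",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)")),
    ("generic-credential-assignment", "medium",
     re.compile(r"(?i)(?:password|passwd|secret|token|api[_-]?key)\s*[=:]\s*[\"']?([^\s\"']{12,})")),
]
ENTROPY_THRESHOLD = 3.5                                   # bits/char; assumed tuning
PLACEHOLDER = re.compile(r"^\$\{[^}]*\}$|^<[^>]*>$")      # ${VAR} or <fill-me-in>


@dataclass(frozen=True)
class Finding:
    source: str
    line_no: int
    rule_id: str
    severity: str
    fingerprint: str      # sha256 prefix of the value; the value itself is never kept
    reference: str = REFERENCE


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: the usual heuristic for random-looking tokens."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def fingerprint(value: str) -> str:
    """Stable identifier for a secret that allows triage without revealing it."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan_text(text: str, source: str = "<text>") -> list[Finding]:
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        taken: list[tuple[int, int]] = []   # spans already claimed on this line
        for rule_id, severity, rx in RULES:
            for m in rx.finditer(line):
                value, span = m.group(1), m.span(1)
                if any(a < span[1] and span[0] < b for a, b in taken):
                    continue   # a higher-confidence rule already reported this value
                if rule_id == "generic-credential-assignment":
                    if PLACEHOLDER.match(value) or shannon_entropy(value) < ENTROPY_THRESHOLD:
                        continue   # template reference or low-entropy literal
                taken.append(span)
                findings.append(Finding(source, line_no, rule_id, severity, fingerprint(value)))
    return findings


def render(findings: list[Finding]) -> str:
    """Report lines for a reviewer: location, severity, rule and fingerprint only."""
    return "\n".join(
        f"{f.source}:{f.line_no} {f.severity.upper():8} {f.rule_id} fp={f.fingerprint} [{f.reference}]"
        for f in findings
    )


# Constructed sample input; the AWS key is the AWS documentation placeholder.
SAMPLE_ENV = """# constructed sample .env (not a real configuration)
DB_HOST=localhost
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJklmnop
API_SECRET="Xq9!v2Lm8pR4tZ7wB3nK6yH1"
SESSION_SECRET=${SESSION_SECRET}
DEBUG=true
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(render(scan_text(SAMPLE_ENV, "sample.env")))
```

Line 4 of the sample shows the de-duplication at work: the `GITHUB_TOKEN=` assignment would also satisfy the generic rule, but the span is already claimed by the `github-pat` rule, so it is reported once. Line 6 shows the placeholder filter: `${SESSION_SECRET}` is an interpolation reference, not a secret. A real scanner would also walk `git log -p` output so that values removed from the working tree but still present in history are caught.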
When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
- Security review of application repositories for hardcoded credentials.
- Evaluation of secrets management architecture (Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault).
- CI/CD pipeline credential hygiene assessment.
- Incident response after a secret exposure event.
- Compliance audits requiring NIST SP 800-57 key management alignment.
- Architecture review of agentic systems that require credential access.