원클릭으로
gum-hasp
Use when a gum workflow needs local secrets protected by HASP.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Use when a gum workflow needs local secrets protected by HASP.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | gum-hasp |
| description | Use when a gum workflow needs local secrets protected by HASP. |
Use this when gum work also needs local secrets outside Google's OAuth flow.
gum handles Google API discovery, OAuth login, local refresh-token storage, and guarded API calls.
HASP handles repo, test, and deploy secrets for commands and agents.
Install HASP and run setup:
brew tap gethasp/homebrew-tap
brew install hasp
hasp setup
Read HASP at https://github.com/gethasp/hasp before changing secret policy.
Register gum OAuth secrets through stdin:
printf '%s' "$GOOGLE_OAUTH_CLIENT_SECRET" \
| gum auth use-oauth-client --client-id "$GOOGLE_OAUTH_CLIENT_ID" --secret-stdin
Put other secrets in HASP, then run gum under a short grant:
hasp secret add
hasp app connect gum-work --cmd 'gum doctor' --install=never
hasp run --project-root . \
--target gum-work \
--grant-project session \
--grant-secret session \
-- gum doctor --format=json
Keep secret values out of prompts, repo files, shell history, and agent notes.
Use gum for Google API calls. Use HASP for non-Google secrets the command needs. Give agents the narrowest HASP grant that lets the command run.
Run hasp secret diff .env before committing a repo that used to carry plaintext secrets.