| name | secure-credentials |
| description | AES-256-GCM credential encryption with PBKDF2 key derivation (100k iterations) and OS keyring integration. Use for secure storage of secrets, API keys, and tokens. |
| version | 2.0.0-rc |
| author | Kernel Architecture Team |
| triggers | ["store credential","save secret","encrypt api key","credentials"] |
| tools | ["mcp__kernel-v2-credentials__store","mcp__kernel-v2-credentials__retrieve","mcp__kernel-v2-credentials__delete","mcp__kernel-v2-credentials__list","mcp__kernel-v2-credentials__rotate_key"] |
Secure Credentials Skill
Purpose
Provides secure credential storage using AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations) and OS keyring integration for maximum security.
When to Use
- Store API keys, tokens, or secrets securely
- Retrieve stored credentials
- Rotate encryption keys
- List stored credentials
Available MCP Tools
| Tool | Description |
|---|
mcp__kernel-v2-credentials__store | Store credential with encryption |
mcp__kernel-v2-credentials__retrieve | Retrieve and decrypt credential |
mcp__kernel-v2-credentials__delete | Delete stored credential |
mcp__kernel-v2-credentials__list | List all stored credential names |
mcp__kernel-v2-credentials__rotate_key | Rotate master encryption key |
Security Features
- AES-256-GCM: Authenticated encryption
- PBKDF2: 100,000 iterations for key derivation
- OS Keyring: System credential storage integration
- Key Rotation: Support for rotating master key
Workflow
Store a Credential
- Call
mcp__kernel-v2-credentials__store with name and value
- Credential is encrypted and stored
- Returns success confirmation
Retrieve a Credential
- Call
mcp__kernel-v2-credentials__retrieve with name
- Credential is decrypted and returned
- Access is logged for audit
Rotate Master Key
- Call
mcp__kernel-v2-credentials__rotate_key
- All credentials are re-encrypted with new key
- Old key is securely discarded
Best Practices
- Never store credentials in plaintext
- Use unique names for each credential
- Rotate keys periodically
- Audit credential access regularly
Related Skills
oauth-auth: For OAuth token management
token-refresh: For automatic token refresh
audit-logging: For logging credential access