一键导入
secrets-management
Never commit secrets, manage credentials securely using environment variables, vaults, and Hack23 ISMS key management policy
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Never commit secrets, manage credentials securely using environment variables, vaults, and Hack23 ISMS key management policy
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | secrets-management |
| description | Never commit secrets, manage credentials securely using environment variables, vaults, and Hack23 ISMS key management policy |
| license | Apache-2.0 |
Ensure secure handling of sensitive credentials, API keys, tokens, and cryptographic keys throughout development and deployment lifecycle across all Hack23 projects. Enforces zero-tolerance for hardcoded secrets.
MUST:
.env, *.key, *.pem, *.p12 in .gitignoreMUST NOT:
.env files, private keys, or certificates to git| Secret Type | Recommended Storage | Rotation |
|---|---|---|
| API Keys | GitHub Secrets / AWS Secrets Manager | Quarterly |
| Database Credentials | AWS Secrets Manager / Vault | Quarterly |
| JWT Signing Keys | AWS Secrets Manager | Annually |
| TLS Certificates | AWS Certificate Manager | Auto-renewed |
| Encryption Keys | AWS KMS | Annually |
| Service Tokens | GitHub Secrets | Quarterly |
Pre-commit scanning:
git-secrets, gitleaks, or trufflehog for automated detectionCI/CD scanning:
gitleaks in CI pipelineGitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response