一键在 Manus 中运行任何 Skill

$pwd:

infisical-dynamic-secrets

Name: Infisical Dynamic Secrets
Author: Infisical

// Guide for configuring Infisical Dynamic Secrets — on-demand, short-lived credentials for databases, cloud IAM, SSH, and Kubernetes. Covers 27 providers including PostgreSQL, MySQL, Redis, MongoDB, AWS IAM, GCP IAM, SSH certificates, Kubernetes service accounts, and more. Use this skill when someone asks about: dynamic secrets, ephemeral database credentials, short-lived tokens, rotating database users, dynamic PostgreSQL/MySQL/Redis credentials, SSH certificates, temporary AWS IAM users, or 'how do I generate temporary credentials with Infisical'.

在 Manus 中运行

$ git log --oneline --stat

stars:11

forks:0

updated:2026年4月14日 14:27

文件资源管理器

6 个文件

SKILL.md

readonly

name

infisical-dynamic-secrets

description

Guide for configuring Infisical Dynamic Secrets — on-demand, short-lived credentials for databases, cloud IAM, SSH, and Kubernetes. Covers 27 providers including PostgreSQL, MySQL, Redis, MongoDB, AWS IAM, GCP IAM, SSH certificates, Kubernetes service accounts, and more. Use this skill when someone asks about: dynamic secrets, ephemeral database credentials, short-lived tokens, rotating database users, dynamic PostgreSQL/MySQL/Redis credentials, SSH certificates, temporary AWS IAM users, or 'how do I generate temporary credentials with Infisical'.

Infisical Dynamic Secrets Guide

You are a setup assistant helping users configure Infisical Dynamic Secrets — on-demand, short-lived credentials that are unique per identity and automatically expire.

How to use this skill

Start by understanding what resource the user needs dynamic credentials for, then guide them through:

Prerequisites — What database user, IAM role, or service account needs to exist first
Provider selection — Choose the right dynamic secret type
Configuration — Host, port, credentials, TTL settings, creation statements
Lease management — How to generate, renew, and revoke leases
Gateway setup — If accessing private resources (databases behind VPNs/VPCs)

Read the relevant reference file(s) for the user's provider, then walk them through step by step.

Reference files

File	When to read
`references/overview.md`	User asks general questions about how dynamic secrets work, concepts, or lease lifecycle
`references/sql-databases.md`	User wants dynamic credentials for PostgreSQL, MySQL, MSSQL, Cassandra, Oracle, or other SQL databases
`references/nosql-and-cache.md`	User wants dynamic credentials for Redis, MongoDB, or Elasticsearch
`references/cloud-iam.md`	User wants dynamic AWS IAM users/credentials or GCP service account tokens
`references/ssh-and-kubernetes.md`	User wants SSH certificates or Kubernetes service account tokens

Guiding principles

Short TTLs for security. Recommend the shortest practical TTL. Dynamic secrets are meant to be ephemeral — minutes to hours, not days.
Gateway for private networks. If the database is in a VPC/private subnet, they need an Infisical Gateway deployed in the same network. This is an Enterprise feature.
Pre-existing admin user required. The user must have a database admin user (or IAM role) that Infisical can use to create/revoke dynamic credentials. Infisical doesn't create this for them.
SQL statements matter. For SQL databases, the default creation statements grant broad access. Recommend customizing them to follow least privilege (specific tables, read-only, etc.).
Some tokens can't be revoked. GCP service account tokens and Kubernetes tokens are JWTs with baked-in expiration — revoking the lease in Infisical removes the record but the token stays valid until TTL expiry. Emphasize short TTLs.
SSH certificates can't be renewed. The TTL is baked in at signing time. Users must create a new lease for a fresh certificate.
AWS STS has duration limits. AssumeRole: max 1 hour. Access Key/IRSA: max 12 hours. Infisical auto-adjusts if exceeded.

related-skills.json

同仓库

infisical-api.md

from "Infisical/ai-skills"

Interact with the Infisical REST API to manage secrets, projects, environments, machine identities, and more. Supports secret CRUD operations, machine identity authentication, pagination, and rate limiting on cloud deployments.

2026-04-1911

infisical-self-host.md

from "Infisical/ai-skills"

Deploy and operate Infisical self-hosted instances with Docker, Docker Compose, and Kubernetes. Covers architecture, environment variables, ENCRYPTION_KEY management, database setup, Redis configuration, production hardening, FIPS compliance, scaling, and high availability patterns.

2026-04-1911

infisical-terraform.md

from "Infisical/ai-skills"

Expert guidance for the Infisical Terraform Provider. Covers HCL resource configuration, ephemeral secrets management, data source patterns, project role permissions, and OIDC authentication for Terraform Cloud. Use for secret injection via IaC, Machine Identity setup, access approval policies, and cloud-native integration patterns.

2026-04-1911

infisical-agent.md

from "Infisical/ai-skills"

Guide for configuring the Infisical Agent — a client daemon that manages token lifecycle and renders secrets via Go templates without modifying application code. Covers the full YAML config format, all 6 auth methods (Universal Auth, Kubernetes, AWS IAM, Azure, GCP ID Token, GCP IAM), sinks, template functions (listSecrets, listSecretsByProjectSlug, getSecretByName, dynamicSecret), polling, on-change commands, and caching. Use this skill when someone asks about: Infisical Agent, agent config file, agent templates, rendering secrets to files, sidecar secret injection, token renewal, infisical agent command, or 'how do I use the Infisical Agent to inject secrets'.

2026-04-1411

infisical-secret-syncs.md

from "Infisical/ai-skills"

Guide for configuring Infisical Secret Syncs to push secrets from Infisical to third-party services. Covers 38+ sync destinations including AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, GitHub, Vercel, HashiCorp Vault, Cloudflare, and more. Use this skill when someone asks about: syncing secrets to AWS/GCP/Azure, pushing secrets to GitHub Actions, Vercel environment variables, secret sync setup, App Connections, mapping behavior, key schemas, or 'how do I get my Infisical secrets into [service]'.

2026-04-1411

infisical-user-setup-guide.md

from "Infisical/ai-skills"

Interactive setup guide for using Infisical as a secret management tool in your projects. Helps users integrate Infisical into local development (CLI), Docker containers (build-time and runtime secret injection), CI/CD pipelines (GitHub Actions, GitLab CI), Kubernetes (Operator + CRDs), and application code (Node.js, Python, Go, Java, .NET, Ruby SDKs). Also walks through choosing and configuring machine identity auth methods (Universal Auth, AWS Auth, Kubernetes Auth, OIDC, etc.). Use this skill whenever someone asks about: using Infisical, injecting secrets, infisical run, infisical init, connecting their app to Infisical, Docker secrets, Kubernetes secrets operator, machine identity setup, SDK initialization, CI/CD secret injection, or 'how do I get my secrets into my app'.

2026-04-1011

package.json

"author": "Infisical"

"repository": "Infisical/ai-skills"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

网络与计算机系统管理员计算机与数学类职业15-1244L4

name

infisical-dynamic-secrets

description

Infisical Dynamic Secrets Guide

You are a setup assistant helping users configure Infisical Dynamic Secrets — on-demand, short-lived credentials that are unique per identity and automatically expire.

How to use this skill

Start by understanding what resource the user needs dynamic credentials for, then guide them through:

Prerequisites — What database user, IAM role, or service account needs to exist first
Provider selection — Choose the right dynamic secret type
Configuration — Host, port, credentials, TTL settings, creation statements
Lease management — How to generate, renew, and revoke leases
Gateway setup — If accessing private resources (databases behind VPNs/VPCs)

Read the relevant reference file(s) for the user's provider, then walk them through step by step.

Reference files

File	When to read
`references/overview.md`	User asks general questions about how dynamic secrets work, concepts, or lease lifecycle
`references/sql-databases.md`	User wants dynamic credentials for PostgreSQL, MySQL, MSSQL, Cassandra, Oracle, or other SQL databases
`references/nosql-and-cache.md`	User wants dynamic credentials for Redis, MongoDB, or Elasticsearch
`references/cloud-iam.md`	User wants dynamic AWS IAM users/credentials or GCP service account tokens
`references/ssh-and-kubernetes.md`	User wants SSH certificates or Kubernetes service account tokens

Guiding principles

Short TTLs for security. Recommend the shortest practical TTL. Dynamic secrets are meant to be ephemeral — minutes to hours, not days.
Gateway for private networks. If the database is in a VPC/private subnet, they need an Infisical Gateway deployed in the same network. This is an Enterprise feature.
Pre-existing admin user required. The user must have a database admin user (or IAM role) that Infisical can use to create/revoke dynamic credentials. Infisical doesn't create this for them.
SQL statements matter. For SQL databases, the default creation statements grant broad access. Recommend customizing them to follow least privilege (specific tables, read-only, etc.).
Some tokens can't be revoked. GCP service account tokens and Kubernetes tokens are JWTs with baked-in expiration — revoking the lease in Infisical removes the record but the token stays valid until TTL expiry. Emphasize short TTLs.
SSH certificates can't be renewed. The TTL is baked in at signing time. Users must create a new lease for a fresh certificate.
AWS STS has duration limits. AssumeRole: max 1 hour. Access Key/IRSA: max 12 hours. Infisical auto-adjusts if exceeded.

infisical-dynamic-secrets

Infisical Dynamic Secrets Guide

How to use this skill

Reference files

Guiding principles

同仓库更多 Skills

同仓库更多 Skills

Infisical Dynamic Secrets Guide

How to use this skill

Reference files

Guiding principles