Env Secrets Manager
Env & Secrets Manager
$ npx promptcreek add env-secrets-manager
Auto-detects your installed agents and installs the skill to each one.
What This Skill Does
The Env & Secrets Manager skill manages environment-variable hygiene and secrets safety across local development and production workflows. It focuses on auditing, drift awareness, and rotation readiness. This skill is useful for security, devops, and development teams.
When to Use
- Before pushing commits that touched env/config files
- During security audits and incident triage
- When onboarding contributors who need safe env conventions
- When validating that no obvious secrets are hardcoded
- When scanning a repository for likely secret leaks
Installation
$ npx promptcreek add env-secrets-manager
Auto-detects your installed agents (Claude Code, Cursor, Codex, etc.) and installs the skill to each one.
Env & Secrets Manager
Tier: POWERFUL
Category: Engineering
Domain: Security / DevOps / Configuration Management
Overview
Manage environment-variable hygiene and secrets safety across local development and production workflows. This skill focuses on practical auditing, drift awareness, and rotation readiness.
Core Capabilities
- .env and .env.example lifecycle guidance
- Secret leak detection for repository working trees
- Severity-based findings for likely credentials
- Operational pointers for rotation and containment
- Integration-ready outputs for CI checks
When to Use
- Before pushing commits that touched env/config files
- During security audits and incident triage
- When onboarding contributors who need safe env conventions
- When validating that no obvious secrets are hardcoded
Quick Start
# Scan a repository for likely secret leaks
python3 scripts/env_auditor.py /path/to/repo
# JSON output for CI pipelines
python3 scripts/env_auditor.py /path/to/repo --json
Recommended Workflow
- Run scripts/env_auditor.py on the repository root.
- Prioritize critical and high findings first.
- Rotate real credentials and remove exposed values.
- Update .env.example and .gitignore as needed.
- Add or tighten pre-commit/CI secret scanning gates.
Reference Docs
- references/validation-detection-rotation.md
- references/secret-patterns.md
Common Pitfalls
- Committing real values in .env.example
- Rotating one system but missing downstream consumers
- Logging secrets during debugging or incident response
- Treating suspected leaks as low urgency without validation
Best Practices
- Use a secret manager as the production source of truth.
- Keep dev env files local and gitignored.
- Enforce detection in CI before merge.
- Re-test application paths immediately after credential rotation.
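The checks below illustrate the ".env.example" pitfall, the gitignore practice and the drift awareness described above. This is an added example, not the skill's scripts/env_auditor.py: the function names, severity mapping, regex heuristics and sample inputs are all assumptions constructed for illustration, and the gitignore matching is simplified to a root-level .env file.

```python
import re
from fnmatch import fnmatchcase

# Assumed heuristics for this example, not the skill's own pattern set.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)
PLACEHOLDER = re.compile(r"^(|changeme|change[-_]me|your[-_].*|<.*>|x{3,}|example.*|\$\{.*\})$", re.I)
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample inputs; the API_KEY value is made up.
SAMPLE_ENV = "PORT=3000\nAPI_KEY=constructed-sample-value-123\nDEBUG=1\n"
SAMPLE_EXAMPLE = "PORT=3000\nAPI_KEY=constructed-sample-value-123\nDB_PASSWORD=changeme\n"
SAMPLE_GITIGNORE = "node_modules/\n.env*\n!.env\n"  # the negation re-includes .env


def parse_env(text):
    """Parse KEY=VALUE lines; comments and blank lines do not match and are skipped."""
    matches = (ENV_LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip("'\"") for m in matches if m}


def env_is_ignored(gitignore_text):
    """Simplified gitignore check for a root-level .env: the last matching rule wins."""
    ignored = False
    for raw in gitignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        negated = rule.startswith("!")
        if fnmatchcase(".env", rule.lstrip("!").lstrip("/")):
            ignored = not negated
    return ignored


def audit(env_text, example_text, gitignore_text):
    """Return (severity, key, message) findings; secret values are never echoed."""
    env, example = parse_env(env_text), parse_env(example_text)
    findings = [] if env_is_ignored(gitignore_text) else [("high", ".env", "not covered by .gitignore")]
    for key, value in sorted(example.items()):
        if SECRET_NAME.search(key) and not PLACEHOLDER.match(value):
            same = env.get(key) == value
            findings.append(("critical" if same else "high", key,
                             ".env.example holds a non-placeholder value"
                             + (" identical to .env" if same else "")))
    for key in sorted(set(env) - set(example)):
        findings.append(("medium", key, "drift: set in .env, undocumented in .env.example"))
    for key in sorted(set(example) - set(env)):
        findings.append(("low", key, "drift: documented but unset in .env"))
    return findings
```

Calling audit(SAMPLE_ENV, SAMPLE_EXAMPLE, SAMPLE_GITIGNORE) reports the un-ignored .env, the real-looking API_KEY copied into .env.example, and the two drifted keys; findings carry key names only, so the output is safe to log in CI.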
Details
- License: MIT
- Source: seeded
- Published: 3/17/2026