secrets-management

📁 autumnsgrove/groveengine 📅 8 days ago

总安装量

周安装量

#47436

全站排名

安装命令

npx skills add https://github.com/autumnsgrove/groveengine --skill secrets-management

Agent 安装分布

replit 1

opencode 1

codex 1

claude-code 1

gemini-cli 1

Skill 文档

Secrets Management Skill

When to Activate

Activate this skill when:

Setting up API keys or credentials
Creating secrets.json files
Implementing secrets loading patterns
Working with .env files
Integrating external APIs requiring authentication
Ensuring credentials are not committed to git

Core Principles

Security Fundamentals

NEVER hardcode API keys in source code
ALWAYS add secrets.json to .gitignore immediately
ALWAYS provide a secrets_template.json for setup reference
Use environment variable fallbacks for CI/CD compatibility

Standard File Structure

project/
âââ secrets.json          # Actual secrets (NEVER commit)
âââ secrets_template.json # Template with placeholder values (commit this)
âââ .gitignore           # Must include secrets.json
âââ .env                 # Alternative for env vars (also gitignored)

Implementation Pattern

secrets.json Format

{
  "anthropic_api_key": "sk-ant-api03-...",
  "openrouter_api_key": "sk-or-v1-...",
  "openai_api_key": "sk-...",
  "database_url": "postgresql://user:pass@localhost/db",
  "comment": "Add your API keys here. Keep this file private."
}

Python Loading Pattern

import os
import json
from pathlib import Path

def load_secrets():
    """Load secrets from secrets.json with env var fallback."""
    secrets_path = Path(__file__).parent / "secrets.json"
    try:
        with open(secrets_path, 'r') as f:
            return json.load(f)
    except (FileNotFoundError, json.JSONDecodeError):
        return {}

SECRETS = load_secrets()

# Use with environment variable fallback
API_KEY = SECRETS.get("anthropic_api_key", os.getenv("ANTHROPIC_API_KEY", ""))

Setup Checklist

Create secrets_template.json with placeholder values
Copy to secrets.json and add real credentials
Add secrets.json to .gitignore
Implement secrets loading in application
Verify git status shows secrets.json as untracked

Security Best Practices

DO â

Store keys in secrets.json
Add to .gitignore immediately
Provide template files for setup
Use environment variable fallbacks
Rotate keys after team changes

DON’T â

Hardcode API keys
Commit actual credentials
Log full API keys
Share keys via email/chat

Key Format Reference

Provider	Format
Anthropic	`sk-ant-api03-...`
OpenRouter	`sk-or-v1-...`
OpenAI	`sk-...`
AWS Access	`AKIA...`

Related Resources

See AgentUsage/secrets_management.md for complete documentation including:

Advanced loading patterns with validation
.env file integration
Automated testing patterns
Emergency key rotation procedures
Production deployment strategies

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台