Secrets Management
Author: brandonwise · GitHub ↗ · v1.0.0
Total downloads: 835 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw:
/install secrets-management
Description
Securely store, manage, rotate, and integrate secrets (API keys, passwords, certificates) in CI/CD pipelines using Vault, AWS Secrets Manager, and native tools.
Safe-use recommendations
This skill's instructions are broadly consistent with a secrets-management guide, but the registry metadata is incomplete. Before installing or following the examples: (1) treat the SKILL.md examples as templates only — do not copy dev-mode Vault with a root token into production; (2) expect to need tools and credentials not listed in metadata (vault, aws-cli, docker, jq, kubectl, terraform, and CI provider secrets like VAULT_TOKEN, AWS_ACCESS_KEY_ID/SECRET); (3) ensure any credentials you supply use least-privilege IAM roles or short-lived tokens and never paste real secrets into examples; (4) verify the skill's publisher/source (homepage is missing) and prefer packages that explicitly declare required env vars and binaries; (5) if you need to trust this skill for automation, ask the author to update metadata to list required env vars/binaries and to replace insecure examples (vault -dev with root token) with safe, production-oriented instructions.
Functional analysis
Type: OpenClaw Skill
Name: secrets-management
Version: 1.0.0
The OpenClaw AgentSkills bundle is benign, providing comprehensive documentation and code examples for secure secrets management using various tools like HashiCorp Vault, AWS Secrets Manager, and Kubernetes External Secrets. All code snippets (shell commands, YAML, Python, HCL) are illustrative examples for setting up, integrating, rotating, and scanning secrets, aligning perfectly with the stated purpose. There is no evidence of malicious intent, data exfiltration, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent within the `SKILL.md` or `_meta.json` files. The content focuses on best practices and legitimate security tools.
Capability assessment
Purpose & Capability
The skill's name and description (Vault, AWS Secrets Manager, CI/CD integration) align with the instructions and snippets in SKILL.md. However, the declared metadata lists no required environment variables or binaries even though the instructions repeatedly reference Vault, AWS CLI, GitHub/GitLab CI secrets, kubectl/ExternalSecrets, Terraform, docker, jq, and other tools. The tool choices are appropriate for the stated purpose, but the metadata omission is a mismatch.
Instruction Scope
The runtime instructions explicitly reference and expect secret-bearing environment variables and credentials (e.g., VAULT_TOKEN, VAULT_ADDR, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, $GITHUB_ENV, GitHub/GitLab secrets). The SKILL.md also shows commands that read/write secrets (vault kv put/get, aws secretsmanager get-secret-value, echoing secrets into $GITHUB_ENV, using add-mask), and runs containers (trufflehog) and CLIs (vault, aws, docker, jq). The metadata does not declare these dependencies, and the instructions include risky examples such as starting Vault in dev mode with a root token, which is insecure if copied to production.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing is written to disk by the skill itself. That lowers installation risk, but the guidance presumes availability of many external binaries/containers (vault, aws-cli, kubectl, terraform, docker, trufflesecurity/trufflehog image) without declaring them. Consumers must provision those tools separately; the omission is a documentation/metadata gap.
Credentials
Although the skill is about secrets, the declared registry metadata lists no required environment variables or primary credential. SKILL.md requires/uses multiple sensitive variables (VAULT_TOKEN, VAULT_ADDR, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, $VAULT_TOKEN in CI, etc.). The skill should have declared these expected env vars in metadata and explained least-privilege requirements. As-is, there's a mismatch between the sensitivity of what's used and what the package declares.
Persistence & Privilege
The skill does not request always:true and does not include install hooks or code that would persist in the agent. It is user-invocable and permits model invocation (the platform default), which is appropriate for this kind of guidance-only skill.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install secrets-management
- After installation, call the skill by name directly or trigger it with /secrets-management
- Supply the required inputs according to the skill's parameter description to receive structured output.
Version history
v1.0.0
Initial release: Vault, AWS Secrets Manager, K8s External Secrets, rotation patterns
FAQ
What is Secrets Management?
Securely store, manage, rotate, and integrate secrets (API keys, passwords, certificates) in CI/CD pipelines using Vault, AWS Secrets Manager, and native tools. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 835 downloads to date.
How do I install Secrets Management?
Run the command "/install secrets-management" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Secrets Management free?
Yes, Secrets Management is completely free (open source), and can be freely downloaded, installed, and used.
Which platforms does Secrets Management support?
Secrets Management is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Secrets Management?
Developed and maintained by brandonwise (@brandonwise); the current version is v1.0.0.