Agent Skills: Secrets Vault Manager

>

engineeringID: borghei/claude-skills/secrets-vault-manager

Repository

borgheiLicense: NOASSERTION
34669

Install this agent skill to your local

pnpm dlx add-skill https://github.com/borghei/Claude-Skills/tree/HEAD/engineering/secrets-vault-manager

Skill Files

Browse the full folder contents for secrets-vault-manager.

Download Skill

Loading file tree…

engineering/secrets-vault-manager/SKILL.md

Skill Metadata

Name
secrets-vault-manager
Description
>

Secrets Vault Manager

Category: Engineering Domain: Secrets Management & Security

Overview

The Secrets Vault Manager skill provides tools for generating HashiCorp Vault configurations, planning and scheduling secret rotation cycles, and analyzing vault audit logs for suspicious access patterns. Essential for teams managing secrets at scale.

Clarify First

Before generating configs or plans, confirm these inputs. If any is unknown or vague, ASK — do not assume:

  • [ ] Task — config generation / rotation planning / audit-log analysis (selects the script and the entire workflow)
  • [ ] Environment & secrets engines — e.g. production + kv/database/transit (--env, --secrets-engines; shapes the generated HCL)
  • [ ] Secrets inventory & classification — Critical/High/Medium/Low per secret (drives rotation frequencies and the schedule)

Stop rule: ask only the 2-3 that most change the output. If the user says "just draft it," proceed and list your assumptions at the top of the artifact.

Quick Start

# Generate Vault configuration
python scripts/vault_config_generator.py --env production --secrets-engines kv,database,transit

# Plan secret rotation schedule
python scripts/rotation_planner.py --inventory secrets_inventory.json

# Analyze vault audit logs
python scripts/audit_log_analyzer.py --log-file vault_audit.log --format json

Tools Overview

| Tool | Purpose | Key Flags | |------|---------|-----------| | vault_config_generator.py | Generate HashiCorp Vault configurations | --env, --secrets-engines, --auth-methods | | rotation_planner.py | Plan and schedule secret rotation cycles | --inventory, --policy, --format | | audit_log_analyzer.py | Analyze vault audit logs for anomalies | --log-file, --time-range, --format |

Workflows

Initial Vault Setup

  1. Define environment and required secrets engines
  2. Run vault_config_generator.py to generate HCL configs
  3. Review and customize generated configurations
  4. Apply via Terraform or Vault CLI

Secret Rotation Planning

  1. Create secrets inventory (JSON)
  2. Run rotation_planner.py to generate schedule
  3. Review rotation plan and adjust frequencies
  4. Implement automated rotation where possible

Audit Log Investigation

  1. Export vault audit logs
  2. Run audit_log_analyzer.py for anomaly detection
  3. Review flagged events
  4. Investigate suspicious access patterns

Reference Documentation

Common Patterns

Secret Classification

  • Critical: Database credentials, API master keys, encryption keys
  • High: Service account tokens, OAuth secrets, TLS certificates
  • Medium: Third-party API keys, webhook secrets
  • Low: Public API keys, non-sensitive configuration