env-secrets-manager
Env & Secrets Manager
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/alirezarezvani/env-secrets-managerWhat This Skill Does
The env-secrets-manager is a comprehensive engineering tool designed to harden application configuration and secure sensitive credentials. It standardizes the lifecycle of environment files (.env) by providing robust validation, automated example generation, and seamless integration with enterprise-grade secret managers like HashiCorp Vault, AWS SSM, and Doppler. Beyond configuration, the skill acts as an automated security auditor, scanning your git history for exposed credentials to prevent accidental leaks before they happen. It automates the tedious aspects of DevOps by enforcing consistent schema definitions for environment variables, ensuring that development, staging, and production environments remain synchronized without risking the exposure of production keys.
Installation
To install this skill, run the following command in your terminal using the OpenClaw CLI:
clawhub install openclaw/skills/skills/alirezarezvani/env-secrets-manager
Use Cases
This skill is ideal for teams aiming to eliminate 'configuration drift' where code behaves differently across environments. It is best utilized during the initial project scaffolding phase to set up structural integrity for configurations. Furthermore, it is a critical tool for incident response; if a secret is accidentally committed, the skill provides a clear, automated workflow to rotate, revoke, and redeploy credentials across your entire infrastructure. It also aids developer onboarding by providing a structured roadmap of all necessary environment variables, effectively reducing the time spent debugging missing-key errors.
Example Prompts
- "Scan my repository for any accidentally committed AWS keys or secret tokens in the last 50 commits."
- "Generate an .env.example file based on my existing .env.local, stripping out all actual values while preserving my comments."
- "Validate my current .env file against the project requirements and identify any missing mandatory variables for the production environment."
Tips & Limitations
To maximize the utility of this skill, ensure your .gitignore is configured correctly using the provided patterns to prevent local development secrets from ever hitting the repository. Note that while this skill excels at detecting leaks, it cannot 'un-commit' secrets already stored in your git history without a history rewrite (such as using BFG Repo-Cleaner or git-filter-repo). Always treat secret managers as the source of truth for production and use this skill to sync local environments rather than storing production secrets in static files.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-alirezarezvani-env-secrets-manager": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, file-write, external-api
Related Skills
intl-expansion
International market expansion strategy. Market selection, entry modes, localization, regulatory compliance, and go-to-market by region. Use when expanding to new countries, evaluating international markets, planning localization, or building regional teams.
marketing-strategy-pmm
Product marketing skill for positioning, GTM strategy, competitive intelligence, and product launches. Use when the user asks about product positioning, go-to-market planning, competitive analysis, target audience definition, ICP definition, market research, launch plans, or sales enablement. Covers April Dunford positioning, ICP definition, competitive battlecards, launch playbooks, and international market entry. Produces deliverables including positioning statements, battlecard documents, launch plans, and go-to-market strategies.
paid-ads
When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization.
qms-audit-expert
ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
code-reviewer
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.