volcengine-security-kms
Key lifecycle management with Volcengine KMS. Use when users need key creation, rotation policies, encryption/decryption workflows, or key permission troubleshooting.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/cinience/volcengine-security-kmsWhat This Skill Does
The volcengine-security-kms skill is a specialized agentic tool designed to integrate seamlessly with the Volcengine Key Management Service (KMS). It allows OpenClaw users to manage the entire lifecycle of cryptographic keys, from initial creation and configuration to rotation and decommissioning. By providing a structured interface for encryption and decryption workflows, the skill ensures that sensitive operations are handled with security best practices at the forefront. It acts as an intermediary, translating natural language requests into precise KMS API calls, allowing developers and security engineers to automate key management tasks without manually navigating the cloud provider console.
Installation
To integrate this skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/cinience/volcengine-security-kms
Ensure that you have your Volcengine credentials configured within the agent's environment variables or secure vault before running the installation, as the skill requires valid IAM permissions to communicate with the KMS service.
Use Cases
- Automating key rotation: Configure automatic rotation policies for sensitive production encryption keys to maintain compliance standards.
- Encryption as a Service: Integrate the skill into data processing pipelines to automatically encrypt PII or sensitive database fields before storage.
- Access Control Auditing: Troubleshoot key access issues by querying current policy bindings and identifying why a service might lack the necessary permissions to decrypt data.
- Disaster Recovery Preparation: Manage key exports and backups for cross-region disaster recovery scenarios, ensuring encrypted assets remain accessible.
Example Prompts
- "Rotate the encryption key named 'prod-db-key' and verify that the new policy allows read access to the service account 'backup-svc'."
- "Generate a new symmetric key for sensitive log encryption and return the key ID and its current status."
- "Decrypt the provided payload using the key 'finance-app-key' and confirm the integrity of the output."
Tips & Limitations
When using this skill, always adhere to the principle of least privilege; create keys with the minimum required scopes. Note that the skill does not store your encryption keys locally; it operates entirely via API calls to Volcengine. Avoid passing raw secrets directly into prompt history if you have logging enabled, as this can lead to security breaches. Always verify the status of a key before attempting cryptographic operations to avoid runtime failures. The skill is designed for administrative and orchestration tasks; high-frequency bulk encryption should be offloaded to direct application-level integrations for performance.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-cinience-volcengine-security-kms": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: external-api
Related Skills
volcengine-compute-ecs
Manage Volcengine ECS instances and related resources. Use when users need instance inventory, lifecycle operations, troubleshooting, or automation templates for ECS.
alicloud-ai-search-opensearch
Use OpenSearch vector search edition via the Python SDK (ha3engine) to push documents and run HA/SQL searches. Ideal for RAG and vector retrieval pipelines in Claude Code/Codex.
alicloud-storage-oss-ossutil
Alibaba Cloud OSS CLI (ossutil 2.0) skill. Install, configure, and operate OSS from the command line based on the official ossutil overview.
alicloud-platform-openapi-product-api-discovery
Discover and reconcile Alibaba Cloud product catalogs from Ticket System, Support & Service, and BSS OpenAPI; fetch OpenAPI product/version/API metadata; and summarize API coverage to plan new skills. Use when you need a complete product list, product-to-API mapping, or coverage/gap reports for skill generation.
alicloud-ai-image-qwen-image
Generate images with Model Studio DashScope SDK using Qwen Image generation models (qwen-image, qwen-image-plus, qwen-image-max and snapshots). Use when implementing or documenting image.generate requests/responses, mapping prompt/negative_prompt/size/seed/reference_image, or integrating image generation into the video-agent pipeline.