Secret Rotator
Audit and rotate API keys, tokens, and secrets with expiry tracking and safe handling.
Why use this skill?
Secure your projects with the Secret Rotator. Automatically audit, track, and rotate API keys and tokens to stay compliant and prevent security breaches.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/sa9saq/secret-rotator
What This Skill Does
The Secret Rotator is an essential security utility for OpenClaw users, designed to automate the lifecycle management of sensitive credentials such as API keys, database passwords, and service tokens. By performing proactive audits across local directories, the skill identifies outdated secrets, tracks their age, and provides a clear roadmap for rotation. It helps prevent security breaches caused by stale, compromised, or over-privileged credentials by ensuring consistent adherence to rotation policies. It handles discovery, age analysis, and structured reporting without ever exposing the sensitive string values of your keys, ensuring that your security workflow remains isolated and protected.
Installation
To integrate this skill into your environment, run the following command within your terminal or OpenClaw interface:
clawhub install openclaw/skills/skills/sa9saq/secret-rotator
Ensure your agent instance has read permissions for the directories containing your development configurations and environment files.
Use Cases
- Proactive Security Audits: Regularly scan your project directories to identify secrets that have exceeded your organization's maximum allowed lifespan (e.g., 90 days).
- Credential Lifecycle Management: Manage the transition between old and new tokens during routine infrastructure maintenance.
- Compliance Reporting: Provide a documented summary of secret inventory and age, aiding in security compliance checks.
- Risk Mitigation: Locate redundant or exposed keys across multiple configuration files to ensure synchronized updates.
Example Prompts
- "Hey Claw, please scan my ~/projects/backend directory for any secrets that haven't been rotated in over 180 days."
- "List all the API keys found in my local .env files and tell me which ones are approaching their expiry date based on the 90-day policy."
- "I need to rotate my Stripe API key. Can you find all configuration files where this key is currently stored so I can update them?"
Tips & Limitations
- Always verify: The skill provides a metadata-only report. When performing manual rotation, ensure you verify the success of the new key via the respective service's status dashboard.
- Permissions: The tool requires file read access. For best results, ensure your .gitignore is correctly configured before starting an audit.
- Environment Variables: Keys existing solely as shell exports cannot be tracked via file timestamps. The skill is most effective when secrets are kept in tracked configuration or .env files.
- Safety First: The Secret Rotator is designed with a 'zero-knowledge' approach; it will never store, transmit, or display full credentials in the chat output.
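To make the metadata-only, timestamp-based audit described above concrete, here is an added example; it is not the skill's own code. It assumes secrets live in `.env*` files, that file modification time stands in for the last rotation date, and a 90-day policy with a 14-day warning window; the function names and name patterns are hypothetical.

```python
import hashlib, hmac, re, secrets, time
from pathlib import Path

# Assumption: a variable is secret-like if its name contains one of these words.
SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD)", re.I)
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
RUN_SALT = secrets.token_bytes(32)  # fingerprints are comparable within one run only


def fingerprint(value: str) -> str:
    """Keyed digest so duplicates can be matched without revealing the value."""
    return hmac.new(RUN_SALT, value.encode(), hashlib.sha256).hexdigest()[:12]


def audit(root, max_age_days=90, warn_days=14, now=None):
    """Return metadata-only findings for secret-like entries in .env files."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(root).rglob(".env*")):
        if not path.is_file():
            continue
        # Assumption: file mtime approximates the last rotation date.
        age = int((now - path.stat().st_mtime) // 86400)
        if age > max_age_days:
            status = "EXPIRED"
        elif age > max_age_days - warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        for line in path.read_text(errors="replace").splitlines():
            m = ASSIGNMENT.match(line)
            if not m or not SECRET_NAME.search(m.group(1)):
                continue
            value = m.group(2).strip().strip("'\"")
            if not value:
                continue  # placeholder with no value, nothing to rotate
            findings.append({"file": str(path), "name": m.group(1), "age_days": age,
                             "status": status, "fp": fingerprint(value)})
    return findings


def duplicates(findings):
    """Group files by fingerprint to show where one secret is stored more than once."""
    groups = {}
    for f in findings:
        groups.setdefault(f["fp"], []).append(f["file"])
    return {fp: files for fp, files in groups.items() if len(files) > 1}
```

The per-run salt keeps the short fingerprints from being usable for offline guessing if a report is shared, at the cost of not being comparable between runs.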
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-sa9saq-secret-rotator": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Flags: file-read, file-write