What This Skill Does
Scans codebases for hardcoded secrets, API keys, and leaked or misconfigured environment variables. Helps developers:
- Detect leaked credentials in .env files, source code, and git history
- Set up pre-commit hooks to prevent secret leaks
- Migrate to secure secret managers (AWS Secrets Manager, Vault, 1Password, Infisical)
- Compare configurations across dev/staging/production environments
Problem It Solves
Developers routinely commit secrets to git repositories by accident, and once a key is in history it stays there until the history is rewritten and the key rotated. This skill addresses a pain point documented by GitGuardian, CyberArk, and the wider security community: secret sprawl and credential leaks remain among the most common security weaknesses reported in 2026.
Who Uses This
- Developers auditing codebases for security vulnerabilities
- DevOps engineers setting up secure CI/CD pipelines
- Security teams implementing secret scanning
- Teams migrating from .env files to secret managers
Sources & Inspiration
Example Use Cases
- Pre-deployment security audit to catch hardcoded secrets
- Setting up automated secret scanning in CI/CD pipelines
- Migrating legacy applications to AWS Secrets Manager or Vault
- Preventing accidental credential commits with pre-commit hooks
- Comparing environment configurations across dev/staging/production
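The last use case, comparing configurations across environments, is easy to get wrong if it is done with a plain `diff`: a `.env` diff shows that values differ, but not that a live key is shared between dev and staging, that production still holds a `<placeholder>`, or that a production connection string carries a literal `user:password@`. The following is an added example, not code from the skill itself. It parses the common `.env` dialect and reports exactly those conditions. The environment names `dev`, `staging` and `production`, the four report categories, and the three sample files are assumptions made up for the demonstration.

```python
# Added example (not the skill's own code): structural comparison of .env files across environments.
import re

ENVS = ("dev", "staging", "production")  # assumed environment names
SECRET_NAME = re.compile(r"(?i)secret|password|passwd|token|api[_-]?key|private")
EMBEDDED_CREDS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")  # user:pass@ inside a connection URL
REFERENCE = re.compile(r"^\$\{?[A-Z0-9_]+\}?$")         # ${VAR}: injected at deploy time, acceptable
PLACEHOLDER = re.compile(r"^(?:<[^>]+>|change[_-]?me|todo|xxx+|your[_-].*)$", re.I)


def parse_dotenv(text):
    """Parse the common .env dialect: KEY=value, optional `export`, quoted values, # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an assignment; real loaders differ on whether this is an error
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]            # quoted value: keep it verbatim
        else:
            value = value.split(" #", 1)[0].rstrip()  # unquoted: strip a trailing comment
        values[key.strip()] = value
    return values


def is_secret_bearing(key, values):
    """A key is secret-bearing by name, or by value when any environment embeds credentials in a URL."""
    return bool(SECRET_NAME.search(key)) or any(EMBEDDED_CREDS.search(v) for v in values)


def compare_environments(envs):
    """envs: {env_name: {KEY: value}}. Returns findings grouped by category, in stable key order."""
    report = {"missing": [], "shared_secret": [],
              "placeholder_in_production": [], "literal_secret_in_production": []}
    for key in sorted(set().union(*envs.values())):
        present = {name: env[key] for name, env in envs.items() if key in env}
        # Keys defined in some environments but not others usually mean a deploy will fail or fall back silently.
        report["missing"].extend((name, key) for name in envs if name not in present)
        prod = present.get("production")
        if prod is not None and PLACEHOLDER.match(prod):
            report["placeholder_in_production"].append((key, prod))
        if is_secret_bearing(key, present.values()):
            # The same literal secret in two environments means a dev leak also compromises staging/prod.
            by_value = {}
            for name, value in present.items():
                if value and not REFERENCE.match(value) and not PLACEHOLDER.match(value):
                    by_value.setdefault(value, []).append(name)
            for names in by_value.values():
                if len(names) > 1:
                    report["shared_secret"].append((key, tuple(names)))
            # A literal secret in production belongs in a secret manager, referenced as ${VAR}.
            if prod and not REFERENCE.match(prod) and not PLACEHOLDER.match(prod):
                report["literal_secret_in_production"].append(key)
    return report


# Constructed sample files (not real credentials) for a dev/staging/production comparison.
SAMPLE_ENV_FILES = {
    "dev": """# local development
DATABASE_URL=postgres://app:app@localhost:5432/app
STRIPE_SECRET_KEY=sk_test_abcdefghijklmnopqrstuvwx
SESSION_SECRET=dev-session-secret
LOG_LEVEL=debug
""",
    "staging": """DATABASE_URL=postgres://app:app@staging-db:5432/app
STRIPE_SECRET_KEY=sk_test_abcdefghijklmnopqrstuvwx
SESSION_SECRET=${SESSION_SECRET}
LOG_LEVEL=info
FEATURE_FLAGS=beta
""",
    "production": """export DATABASE_URL="postgres://app:app@prod-db:5432/app"
STRIPE_SECRET_KEY=<replace-with-live-key>
SESSION_SECRET=${SESSION_SECRET}
LOG_LEVEL=warn
FEATURE_FLAGS=
""",
}

if __name__ == "__main__":
    parsed = {name: parse_dotenv(SAMPLE_ENV_FILES[name]) for name in ENVS}
    for category, items in compare_environments(parsed).items():
        for item in items:
            print(f"{category}: {item}")
```

On the sample files this reports `FEATURE_FLAGS` missing from dev, the test Stripe key shared by dev and staging, the `<replace-with-live-key>` placeholder still in production, and `DATABASE_URL` as a literal production secret because its value embeds `app:app@`. `${VAR}` references are deliberately treated as acceptable, since that is what a migration to a secret manager leaves behind in the file.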
Key Features
- 5 practical workflows for secret detection and management
- Detection patterns for AWS access keys, GitHub tokens, OpenAI keys, Stripe keys, and JWTs
- Pre-commit hook setup with Gitleaks
- Migration guides for 4 secret managers (comparison table included)
- CI/CD integration examples (GitHub Actions, GitLab CI)
- Security best practices with clear do's and don'ts
- Quick reference commands for daily use
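To make the detection-pattern and pre-commit-hook features concrete, here is an added example that is not the skill's own code and not Gitleaks: a small scanner that combines the public token prefixes (AWS `AKIA`/`ASIA` access key IDs, GitHub `ghp_`/`github_pat_` tokens, OpenAI `sk-` keys, Stripe `sk_live_`/`sk_test_` keys, and three-part `eyJ...` JWTs) with a Shannon-entropy check on generic `SECRET=`/`PASSWORD=`-style assignments, and that in `--staged` mode scans only the added lines of `git diff --cached`, which is what a pre-commit hook should look at. The regexes, the 3.5-bit entropy threshold, the `gitleaks:allow` inline marker, and the sample diff are all assumptions made for the example.

```python
# Added example (not the skill's code, not Gitleaks): regex + entropy secret scanner with a staged-diff mode.
import math
import re
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    source: str  # file path taken from the diff header
    line: int    # 1-based line number in that file after the change
    rule: str
    secret: str


# Public token formats (documented prefixes). Word boundaries keep matches out of longer identifiers.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b"),
    "openai_key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}"),
    "stripe_key": re.compile(r"\b[sr]k_(?:live|test)_[0-9A-Za-z]{24,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
}
# Generic KEY=value / key: value assignments (.env, YAML, code); reported only when the value is high-entropy.
ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z0-9_]*(?:secret|password|passwd|token|api[_-]?key)[A-Z0-9_]*)\s*[=:]\s*['\"]?([^\s'\"]{12,})"
)
# Values that are references or obvious placeholders rather than secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{?[A-Z0-9_]+\}?|<[^>]+>|change[_-]?me|your[_-].*|xxx+|\.{3,})$", re.I)
ALLOW_MARKER = "gitleaks:allow"  # assumed: honour the same inline allow-list comment Gitleaks uses
ENTROPY_THRESHOLD = 3.5          # bits per character; random alphanumeric keys sit well above this
DIFF_HEADERS = ("diff ", "index ", "new file", "deleted file", "similarity", "rename ", "old mode", "new mode")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def shannon_entropy(value):
    """Bits of entropy per character: 'aaaa' is 0.0, 'abcd' is 2.0, 30 distinct characters give log2(30)."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def scan_line(text):
    """Return (rule, secret) pairs found in one line of text."""
    if ALLOW_MARKER in text:
        return []
    hits = [(rule, m.group(0)) for rule, pat in TOKEN_PATTERNS.items() for m in pat.finditer(text)]
    if not hits:  # fall back to the generic assignment rule only when no known format matched
        m = ASSIGNMENT.search(text)
        if m and not PLACEHOLDER.match(m.group(2)) and shannon_entropy(m.group(2)) > ENTROPY_THRESHOLD:
            hits.append(("high_entropy_assignment", m.group(2)))
    return hits


def scan_diff(diff_text):
    """Scan only the added lines of a unified diff, tracking the file path and line number per hunk."""
    findings, path, lineno = [], "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
            continue
        if raw.startswith("--- ") or raw.startswith(DIFF_HEADERS):
            continue
        hunk = HUNK.match(raw)
        if hunk:
            lineno = int(hunk.group(1))
            continue
        if raw.startswith("+"):
            findings.extend(Finding(path, lineno, rule, secret) for rule, secret in scan_line(raw[1:]))
            lineno += 1
        elif not raw.startswith("-"):
            lineno += 1  # unchanged context line (none with -U0, but keeps the count right otherwise)
    return findings


def scan_staged():
    """Hook mode: scan what `git commit` is about to record, not the working tree."""
    diff = subprocess.run(["git", "diff", "--cached", "-U0", "--no-color"],
                          check=True, capture_output=True, text=True).stdout
    return scan_diff(diff)


# Constructed sample diff: a committed .env gaining a literal test key and a reference-style value.
SAMPLE_DIFF = """diff --git a/config/.env b/config/.env
index 1111111..2222222 100644
--- a/config/.env
+++ b/config/.env
@@ -3,0 +4,2 @@
+STRIPE_SECRET_KEY=sk_test_abcdefghijklmnopqrstuvwx
+OPENAI_API_KEY=${OPENAI_API_KEY}
"""


def main(argv):
    findings = scan_staged() if argv == ["--staged"] else scan_diff(SAMPLE_DIFF)
    for f in findings:
        print(f"{f.source}:{f.line}: {f.rule}: {f.secret[:4]}****")  # never echo the full secret
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Wired into `.git/hooks/pre-commit` as `python3 scan_secrets.py --staged || exit 1` (the script name is assumed), the non-zero exit blocks the commit; the same check in Gitleaks v8 is `gitleaks protect --staged`. Two choices matter in practice: scanning the staged diff rather than the working tree, so a secret in an unstaged file does not trigger a false block and a secret in a staged file cannot be skipped, and treating `${VAR}` as a reference rather than a leak, so migrating to a secret manager does not leave the hook firing on every placeholder.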
This skill is based on real developer pain points and follows contributing guidelines with proper attribution to security research sources.