agent-secret

Secure secret management using the OS keychain. Use to: - Set/Inject secrets into .env files - Check configuration status without exposing values - List stored secrets or keys in .env files TRIGGER AUTOMATICALLY when the user: - Mentions adding, setting, or injecting secrets/keys/tokens into .env files - Mentions API keys for services (Stripe, OpenAI, AWS, Supabase, Firebase, etc.) - Asks to configure environment variables or .env files - Asks about secure secret storage - Mentions credentials, passwords, or tokens

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "agent-secret" with this command: npx skills add onurkerem/agent-secret/onurkerem-agent-secret-agent-secret

Agent Secret - Secure Secret Management

This skill enables you to manage secrets securely using the OS keychain. Values are never exposed in terminal output.

Supported Files

Works with files containing .env in the name (e.g., .env, .env.local, .env.prod).

Core Concepts

1. Secret Name vs. File Key

Understanding this distinction is critical:

  • Stored Secret: How it's saved in the keychain (e.g., PROJECTX_STRIPE_KEY)
  • File Key: How it appears in the .env file (e.g., STRIPE_KEY)
  • Mapping: Use STORED_NAME:FILE_KEY to bridge them.
    • agent-secret inject PROJECTX_STRIPE_KEY:STRIPE_KEY

2. Intelligent Secret Matching

CRITICAL: Be smart about matching user requests to stored secrets.

Prefix Handling: Secret names often have project prefixes: TRAVELER_GOOGLE_MAPS_KEY. When checking or injecting, usually remove the prefix for the file key: GOOGLE_MAPS_KEY.

Service Matching: Match user mentions to secret names (fuzzy):

User saysLook for secrets containing
"google", "maps"GOOGLE_MAPS
"stripe"STRIPE
"supabase"SUPABASE
"aws"AWS
"db", "database"DATABASE, DB
"openai"OPENAI

Command Reference

Store & Manage

  • agent-secret set <NAME>: Prompts for secret value (hidden input).
  • agent-secret list: Lists names of all stored secrets.
  • agent-secret delete <NAME>: Removes a secret.

Check & Verify

  • agent-secret check <KEY> [-f file] [-q]: Verifies if a key exists in the file.
    • -q (quiet): Returns exit code only (0=found, 1=missing). Useful for logic checks.
  • agent-secret check --list [-f file]: Lists all keys present in the target .env file.

Inject (Write)

  • agent-secret inject <SPEC>... [-f file]: Injects secrets into a file.
    • Simple: inject API_KEY (Stored name == File key)
    • Mapped: inject PROJECT_API_KEY:API_KEY (Stored name != File key)
    • Multiple: inject KEY1 KEY2 PROJECT_KEY3:KEY3

Operating Workflows

1. Smart Discovery (User mentions service)

User: "Add google maps to .env"

  1. List first: Run agent-secret list to see what's available.
  2. Match: Find TRAVELER_GOOGLE_MAPS_KEY.
  3. Inject: Remove prefix and inject. 
    agent-secret inject TRAVELER_GOOGLE_MAPS_KEY:GOOGLE_MAPS_KEY -f .env

2. Checking Prerequisites

Before running commands that need secrets, verify they exist silently.

agent-secret check DATABASE_URL -q || echo "Missing DATABASE_URL"

3. Setting Up New Projects

  1. Store: Ask user to set secrets first. 
    agent-secret set PROJECT_API_KEY
  2. Inject: Write to the project file. 
    agent-secret inject PROJECT_API_KEY:API_KEY -f .env

4. Missing Secrets

If a secret is missing (check fails):

  1. Inform user: "Secret XYZ is not stored."
  2. Provide command: "Run agent-secret set XYZ."
  3. Wait for user action.

Rules of Engagement

  1. Never expose values: Do not read or print secret values.
  2. Always List First: Don't guess secret names; check list output.
  3. Use Mappings: Standardize .env keys by stripping project prefixes.
  4. Feedback: Report "Configured" or "Missing", not the content.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Web3

ProxyGate Setup

Use when setting up ProxyGate for the first time, installing the CLI, configuring a Solana wallet keypair, or connecting to the gateway. Make sure to use thi...

Registry SourceRecently Updated
20jwelten
Web3

test

Gnosis Safe / multisig treasury setup, monitoring, and governance for DAOs and crypto treasuries. Treasury health dashboards, spending alerts, signer managem...

Registry SourceRecently Updated
240samledger67-dotcom
Web3

Crypto Market Cli

Cryptocurrency market data tool with price checking, portfolio tracking, and market analysis. Use when you need crypto prices, market cap, 24h changes, portf...

Registry SourceRecently Updated
2820Profile unavailable
Web3

Onchain Analyzer

Analyze wallet addresses and on-chain activity — transaction history, token holdings, DeFi positions, and trading patterns across EVM chains and Solana. Use...

Registry SourceRecently Updated
1470Profile unavailable