security-review-owasp-secrets-management

Community

Stop secret leaks before they spread

Authorsjinks
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps reviewers find where secrets are exposed, over-shared, poorly rotated, or difficult to recover during an incident, reducing the risk of credential theft and blast-radius expansion.

Core Features & Use Cases

  • Secret storage review: Checks whether credentials are centralized, encrypted, and protected from plaintext exposure in repositories, configs, images, and backups.
  • Access and lifecycle analysis: Evaluates least-privilege access, rotation, revocation, expiration, and ownership for API keys, tokens, database passwords, TLS keys, and signing material.
  • CI/CD and runtime handling: Inspects pipelines, runners, containers, and orchestrators for secret injection paths that could leak through logs, artifacts, debug access, or broad branch permissions.
  • Use case: Review a deployment pipeline to confirm production secrets are injected only when needed, never echoed, and revocable quickly during a compromise.

Quick Start

Use the secrets-management skill to review the relevant code, configuration, and pipeline files for how secrets are stored, injected, rotated, logged, and revoked.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-review-owasp-secrets-management
Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-secrets-management

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.