Skill

secrets-rotation

Implements automated secrets rotation for API keys, credentials, certificates, and encryption keys with zero-downtime and audit logging. Use for secrets lifecycle management, compliance, or security hardening.

AWS

Javascript

Python

Kubernetes

security

Install

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/kubernetes-secrets-rotation.mdreferences/nodejs-secrets-manager-with-rotation.mdreferences/python-secrets-rotation-with-vault.mdscripts/security-checklist.sh

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

Secrets Rotation

Table of Contents

Overview

Implement automated secrets rotation strategy for credentials, API keys, certificates, and encryption keys with zero-downtime deployment and comprehensive audit logging.

When to Use

API key management

Database credentials

TLS/SSL certificates

Encryption key rotation

Compliance requirements

Security incident response

Service account management

Quick Start

Minimal working example:

// secrets-manager.js const AWS = require("aws-sdk"); const crypto = require("crypto"); class SecretsManager { constructor() { this.secretsManager = new AWS.SecretsManager({ region: process.env.AWS_REGION, }); this.rotationSchedule = new Map(); } /** * Generate new secret value */ generateSecret(type = "api_key", length = 32) { switch (type) { case "api_key": return crypto.randomBytes(length).toString("hex"); case "password": // Generate strong password const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*"; // ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide

Contents

Node.js Secrets Manager with Rotation

Python Secrets Rotation with Vault

Kubernetes Secrets Rotation

Best Practices

✅ DO

Automate rotation

Use grace periods

Verify new secrets

Maintain rotation audit trail

Implement rollback procedures

Monitor rotation failures

Use managed services (AWS Secrets Manager)

Test rotation procedures

❌ DON'T

Hardcode secrets

Share secrets

Skip verification

Rotate without grace period

Ignore rotation failures

Store secrets in version control