Environment variable management, validation, and documentation.
Analyzes environment variables in code, validates their formats, and generates .env.example templates with documentation. Use when setting up new projects, auditing configurations, or needing environment variable best practices.
```
/plugin marketplace add CuriousLearner/devkit
/plugin install devkit@devkit-marketplace
```

This skill inherits all available tools. When active, it can use any tool Claude has access to.
You are an environment configuration expert. When invoked:
Analyze Environment Variables:
Generate Documentation:
Validate Configuration:
Provide Best Practices:
```bash
# Use UPPER_SNAKE_CASE
DATABASE_URL=postgresql://localhost:5432/mydb
API_KEY=abc123xyz

# Prefix by service/category
DB_HOST=localhost
DB_PORT=5432
DB_NAME=mydb
DB_USER=admin

REDIS_HOST=localhost
REDIS_PORT=6379

AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=AKIA...
AWS_SECRET_ACCESS_KEY=...

# Boolean values
ENABLE_LOGGING=true
DEBUG_MODE=false
```
```bash
# Development
NODE_ENV=development
DEBUG=true
LOG_LEVEL=debug

# Staging
NODE_ENV=staging
DEBUG=false
LOG_LEVEL=info

# Production
NODE_ENV=production
DEBUG=false
LOG_LEVEL=error
```
```bash
# ======================
# Application Settings
# ======================

# Environment (development, staging, production)
NODE_ENV=development

# Application port
PORT=3000

# Application URL
APP_URL=http://localhost:3000

# ======================
# Database Configuration
# ======================

# PostgreSQL connection string
# Format: postgresql://username:password@host:port/database
DATABASE_URL=postgresql://user:password@localhost:5432/myapp

# Database connection pool
DB_POOL_MIN=2
DB_POOL_MAX=10

# ======================
# Redis Configuration
# ======================

# Redis connection URL
REDIS_URL=redis://localhost:6379

# Redis password (optional)
# REDIS_PASSWORD=

# ======================
# Authentication
# ======================

# JWT secret key (REQUIRED - Generate with: openssl rand -base64 32)
JWT_SECRET=your-secret-key-here

# JWT expiration (default: 24h)
JWT_EXPIRES_IN=24h

# Session secret
SESSION_SECRET=your-session-secret

# ======================
# External Services
# ======================

# AWS Configuration
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your-access-key
AWS_SECRET_ACCESS_KEY=your-secret-key
AWS_S3_BUCKET=my-app-uploads

# Email Service (SendGrid)
SENDGRID_API_KEY=SG.xxxxx
EMAIL_FROM=noreply@example.com

# Stripe
STRIPE_PUBLIC_KEY=pk_test_xxxxx
STRIPE_SECRET_KEY=sk_test_xxxxx

# ======================
# Feature Flags
# ======================

# Enable new dashboard
ENABLE_NEW_DASHBOARD=false

# Enable email notifications
ENABLE_EMAIL_NOTIFICATIONS=true

# ======================
# Logging & Monitoring
# ======================

# Log level (error, warn, info, debug)
LOG_LEVEL=info

# Sentry DSN for error tracking
# SENTRY_DSN=https://xxxxx@sentry.io/xxxxx

# ======================
# Security
# ======================

# CORS allowed origins (comma-separated)
CORS_ORIGINS=http://localhost:3000,http://localhost:3001

# Rate limiting
RATE_LIMIT_MAX_REQUESTS=100
RATE_LIMIT_WINDOW_MS=900000

# ======================
# Development Only
# ======================

# Enable debug mode
DEBUG=false

# Disable SSL verification (NEVER in production!)
# NODE_TLS_REJECT_UNAUTHORIZED=0
```
```javascript
// env.js - Environment validation
const envalid = require('envalid');

const env = envalid.cleanEnv(process.env, {
  // Application
  NODE_ENV: envalid.str({ choices: ['development', 'staging', 'production'] }),
  PORT: envalid.port({ default: 3000 }),
  APP_URL: envalid.url(),

  // Database
  DATABASE_URL: envalid.url({ desc: 'PostgreSQL connection URL' }),
  DB_POOL_MIN: envalid.num({ default: 2 }),
  DB_POOL_MAX: envalid.num({ default: 10 }),

  // Redis
  REDIS_URL: envalid.url(),
  REDIS_PASSWORD: envalid.str({ default: '' }),

  // Secrets
  JWT_SECRET: envalid.str({ desc: 'JWT signing secret' }),
  JWT_EXPIRES_IN: envalid.str({ default: '24h' }),

  // AWS
  AWS_REGION: envalid.str({ default: 'us-east-1' }),
  AWS_ACCESS_KEY_ID: envalid.str(),
  AWS_SECRET_ACCESS_KEY: envalid.str(),

  // Feature Flags
  ENABLE_NEW_DASHBOARD: envalid.bool({ default: false }),
  ENABLE_EMAIL_NOTIFICATIONS: envalid.bool({ default: true }),

  // Logging
  LOG_LEVEL: envalid.str({
    choices: ['error', 'warn', 'info', 'debug'],
    default: 'info'
  }),

  // Security
  CORS_ORIGINS: envalid.str({ desc: 'Comma-separated allowed origins' }),
  RATE_LIMIT_MAX_REQUESTS: envalid.num({ default: 100 }),
});

module.exports = env;
```
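The schema above checks types and presence only, so `JWT_SECRET=your-secret-key-here` copied from the template passes it. The following is an added example, not the skill's own code and not part of envalid, that flags placeholder secrets everywhere and development-only settings when `NODE_ENV=production`; the `auditEnv` name, the placeholder pattern and the 32-character minimum are assumptions of this sketch.

```javascript
// Added example, not the skill's own code: production checks layered on top
// of type validation. PLACEHOLDER_RE and MIN_SECRET_CHARS are assumptions.
const PLACEHOLDER_RE = /^your-|x{5}/i; // "your-secret-key-here", "SG.xxxxx"
const MIN_SECRET_CHARS = 32; // `openssl rand -base64 32` yields 44 characters
const SIGNING_KEYS = ['JWT_SECRET', 'SESSION_SECRET'];
const CREDENTIAL_KEYS = [...SIGNING_KEYS, 'AWS_SECRET_ACCESS_KEY',
  'SENDGRID_API_KEY', 'STRIPE_SECRET_KEY'];

// Returns a list of findings; an empty list means the environment passed.
function auditEnv(env) {
  const findings = [];
  for (const key of CREDENTIAL_KEYS) {
    if (env[key] && PLACEHOLDER_RE.test(env[key])) {
      findings.push(`${key}: placeholder copied from .env.example`);
    }
  }
  for (const key of SIGNING_KEYS) {
    if ((env[key] || '').length < MIN_SECRET_CHARS) {
      findings.push(`${key}: missing or shorter than ${MIN_SECRET_CHARS} characters`);
    }
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.SESSION_SECRET) {
    findings.push('JWT_SECRET and SESSION_SECRET share one value');
  }
  if (env.NODE_ENV !== 'production') return findings;

  // Settings that are tolerable locally but not in production.
  if (env.DEBUG === 'true') findings.push('DEBUG: enabled in production');
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED: TLS verification disabled');
  }
  if ((env.STRIPE_SECRET_KEY || '').startsWith('sk_test_')) {
    findings.push('STRIPE_SECRET_KEY: test key in production');
  }
  for (const origin of (env.CORS_ORIGINS || '').split(',').map((o) => o.trim())) {
    if (origin === '*' || origin.startsWith('http://')) {
      findings.push(`CORS_ORIGINS: insecure origin ${origin}`);
    }
  }
  return findings;
}

// Constructed sample: the template's values deployed unchanged to production.
const copiedTemplate = {
  NODE_ENV: 'production', DEBUG: 'true', STRIPE_SECRET_KEY: 'sk_test_xxxxx',
  JWT_SECRET: 'your-secret-key-here', SESSION_SECRET: 'your-session-secret',
  CORS_ORIGINS: 'http://localhost:3000,http://localhost:3001',
};
console.log(auditEnv(copiedTemplate));
```

Run it at startup after type validation and refuse to boot when the returned list is non-empty.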
```python
# config.py - Environment validation
# Written for pydantic v1; in pydantic v2, BaseSettings lives in the
# separate pydantic-settings package (from pydantic_settings import BaseSettings).
import os
from typing import Optional

from pydantic import BaseSettings, validator, AnyHttpUrl


class Settings(BaseSettings):
    # Application
    ENV: str = "development"
    PORT: int = 8000
    APP_URL: AnyHttpUrl

    # Database
    DATABASE_URL: str
    DB_POOL_MIN: int = 2
    DB_POOL_MAX: int = 10

    # Redis
    REDIS_URL: str
    REDIS_PASSWORD: Optional[str] = None

    # Secrets
    JWT_SECRET: str
    JWT_EXPIRES_IN: str = "24h"

    # AWS
    AWS_REGION: str = "us-east-1"
    AWS_ACCESS_KEY_ID: str
    AWS_SECRET_ACCESS_KEY: str

    # Feature Flags
    ENABLE_NEW_DASHBOARD: bool = False
    ENABLE_EMAIL_NOTIFICATIONS: bool = True

    # Logging
    LOG_LEVEL: str = "info"

    @validator("ENV")
    def validate_env(cls, v):
        allowed = ["development", "staging", "production"]
        if v not in allowed:
            raise ValueError(f"ENV must be one of {allowed}")
        return v

    @validator("LOG_LEVEL")
    def validate_log_level(cls, v):
        allowed = ["error", "warn", "info", "debug"]
        if v not in allowed:
            raise ValueError(f"LOG_LEVEL must be one of {allowed}")
        return v

    class Config:
        env_file = ".env"
        case_sensitive = True


# Raises a validation error at import time if a required variable is missing
settings = Settings()
```
```
@env-manager
@env-manager --validate
@env-manager --generate-example
@env-manager --check-secrets
@env-manager --document
```
```
# .gitignore
.env
.env.local
.env.*.local
*.pem
*.key
secrets/
```
```bash
# Check for accidentally committed secrets
git secrets --scan

# Use tools like:
# - gitleaks
# - truffleHog
# - git-secrets
```
```bash
# Development
# - .env files (gitignored)
# - direnv

# Production
# - AWS Secrets Manager
# - HashiCorp Vault
# - Azure Key Vault
# - Google Secret Manager
# - Kubernetes Secrets
# - Docker Secrets
```
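```bash
# Encrypt sensitive .env files
# Using SOPS (Secrets OPerationS)
sops -e .env > .env.encrypted

# Using git-crypt
git-crypt init
# Mark .env for encryption; a bare path in .gitattributes has no effect
echo '.env filter=git-crypt diff=git-crypt' >> .gitattributes
git-crypt add-gpg-user user@example.com
```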
```
.env                # Default (committed .env.example)
.env.local          # Local overrides (gitignored)
.env.development    # Development
.env.staging        # Staging
.env.production     # Production (never committed!)
```
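```javascript
// Using dotenv with cascading
// dotenv does not override a variable that is already set, so the file
// loaded first takes precedence: .env.local, then .env.<NODE_ENV>, then .env
require('dotenv').config({ path: '.env.local' });
require('dotenv').config({ path: `.env.${process.env.NODE_ENV}` });
require('dotenv').config({ path: '.env' });
```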
```javascript
// ❌ Bad - Silent failure
const apiKey = process.env.API_KEY;

// ✓ Good - Explicit validation
const apiKey = process.env.API_KEY;
if (!apiKey) {
  throw new Error('API_KEY environment variable is required');
}

// ✓ Better - Use validation library
const env = require('./env'); // validates on load
const apiKey = env.API_KEY;
```
```javascript
// ❌ Bad - String comparison
if (process.env.DEBUG === true) { } // Always false!

// ✓ Good - Proper boolean parsing
const DEBUG = process.env.DEBUG === 'true';

// ✓ Better - Use validation
const { cleanEnv, bool } = require('envalid');
const env = cleanEnv(process.env, { DEBUG: bool({ default: false }) });
// env.DEBUG is now a real boolean
```
```javascript
// ✓ Provide sensible defaults
const PORT = process.env.PORT || 3000;
const LOG_LEVEL = process.env.LOG_LEVEL || 'info';
const ENABLE_CACHE = process.env.ENABLE_CACHE !== 'false'; // Default true
```
# Environment Variables
## Required Variables
### DATABASE_URL
- **Type**: URL
- **Description**: PostgreSQL connection string
- **Format**: `postgresql://username:password@host:port/database`
- **Example**: `postgresql://user:pass@localhost:5432/mydb`
### JWT_SECRET
- **Type**: String
- **Description**: Secret key for JWT token signing
- **Security**: Never commit this value
- **Generate**: `openssl rand -base64 32`
### AWS_ACCESS_KEY_ID
- **Type**: String
- **Description**: AWS access key for S3 and other services
- **Security**: Store in secrets manager in production
## Optional Variables
### PORT
- **Type**: Number
- **Description**: Application server port
- **Default**: `3000`
- **Example**: `3000`
### LOG_LEVEL
- **Type**: String
- **Description**: Logging verbosity
- **Choices**: `error`, `warn`, `info`, `debug`
- **Default**: `info`
### ENABLE_CACHE
- **Type**: Boolean
- **Description**: Enable Redis caching
- **Default**: `true`
- **Values**: `true`, `false`
## Feature Flags
### ENABLE_NEW_DASHBOARD
- **Type**: Boolean
- **Description**: Enable new dashboard UI
- **Default**: `false`
- **Status**: Experimental
## Environment Setup
### Development
```bash
cp .env.example .env.local
# Edit .env.local with your local values
```
Use secrets manager to set:
## Notes
- Use `.env.example` as template (committed to git)
- Never commit actual `.env` files with secrets
- Validate environment variables on application startup
- Use secrets management in production
- Document all variables with descriptions and examples
- Use consistent naming conventions (UPPER_SNAKE_CASE)
- Prefix related variables (DB_, AWS_, REDIS_)
- Provide sensible defaults when possible
- Use type validation libraries
- Consider environment-specific configuration files
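Keeping `.env.example` in step with the code is the part that drifts in practice: `ENABLE_CACHE`, for instance, is read by this page's code but is not listed in its `.env.example` template. The following added example (not the skill's own implementation; the function names and sample inputs are assumptions constructed for illustration) compares the variables a source file reads with the keys a template documents.

```javascript
// Added example, not the skill's own code: report drift between the variables
// the code reads and the keys documented in .env.example.

// Collect names used as process.env.NAME or process.env['NAME'].
function envKeysInSource(source) {
  const re = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([A-Za-z_]\w*)['"]\s*\])/g;
  return new Set([...source.matchAll(re)].map((m) => m[1] || m[2]));
}

// Collect keys from dotenv text. A commented-out assignment such as
// "# SENTRY_DSN=..." counts as documented; prose comments do not match.
function envKeysInExample(text) {
  const keys = new Set();
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*(?:#\s*)?(?:export\s+)?([A-Za-z_]\w*)\s*=/);
    if (m) keys.add(m[1]);
  }
  return keys;
}

// undocumented: read by code, absent from the template.
// unused: present in the template, never read by code.
function envDrift(source, exampleText) {
  const used = envKeysInSource(source);
  const documented = envKeysInExample(exampleText);
  return {
    undocumented: [...used].filter((k) => !documented.has(k)).sort(),
    unused: [...documented].filter((k) => !used.has(k)).sort(),
  };
}

// Constructed sample inputs.
const sampleSource = [
  "const port = process.env.PORT || 3000;",
  "const secret = process.env['JWT_SECRET'];",
  "const sentry = process.env.SENTRY_DSN;",
  "const cache = process.env.ENABLE_CACHE !== 'false';",
].join('\n');
const sampleExample = [
  '# Application port',
  'PORT=3000',
  'JWT_SECRET=your-secret-key-here',
  '# SENTRY_DSN=https://xxxxx@sentry.io/xxxxx',
  'LOG_LEVEL=info',
].join('\n');
console.log(envDrift(sampleSource, sampleExample));
```

Dynamic lookups such as `process.env[name]` are not resolved by this pattern, so treat an empty `undocumented` list as a lower bound.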