Apply Groq security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Groq security configuration. Trigger with phrases like "groq security", "groq secrets", "secure groq", "groq API key security".
Applies Groq security best practices for API key management, access control, and configuration auditing.
/plugin marketplace add jeremylongshore/claude-code-plugins-plus-skills/plugin install groq-pack@claude-code-plugins-plusThis skill is limited to using the following tools:
Security best practices for Groq API keys, tokens, and access control.
# .env (NEVER commit to git)
GROQ_API_KEY=sk_live_***
GROQ_SECRET=***
# .gitignore
.env
.env.local
.env.*.local
# 1. Generate new key in Groq dashboard
# 2. Update environment variable
export GROQ_API_KEY="new_key_here"
# 3. Verify new key works
curl -H "Authorization: Bearer ${GROQ_API_KEY}" \
https://api.groq.com/health
# 4. Revoke old key in dashboard
| Environment | Recommended Scopes |
|---|---|
| Development | read:* |
| Staging | read:*, write:limited |
| Production | Only required scopes |
| Security Issue | Detection | Mitigation |
|---|---|---|
| Exposed API key | Git scanning | Rotate immediately |
| Excessive scopes | Audit logs | Reduce permissions |
| Missing rotation | Key age check | Schedule rotation |
const clients = {
reader: new GroqClient({
apiKey: process.env.GROQ_READ_KEY,
}),
writer: new GroqClient({
apiKey: process.env.GROQ_WRITE_KEY,
}),
};
import crypto from 'crypto';
function verifyWebhookSignature(
payload: string, signature: string, secret: string
): boolean {
const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
.env files in .gitignoreinterface AuditEntry {
timestamp: Date;
action: string;
userId: string;
resource: string;
result: 'success' | 'failure';
metadata?: Record<string, any>;
}
async function auditLog(entry: Omit<AuditEntry, 'timestamp'>): Promise<void> {
const log: AuditEntry = { ...entry, timestamp: new Date() };
// Log to Groq analytics
await groqClient.track('audit', log);
// Also log locally for compliance
console.log('[AUDIT]', JSON.stringify(log));
}
// Usage
await auditLog({
action: 'groq.api.call',
userId: currentUser.id,
resource: '/v1/resource',
result: 'success',
});
For production deployment, see groq-prod-checklist.
Expert guidance for Next.js Cache Components and Partial Prerendering (PPR). **PROACTIVE ACTIVATION**: Use this skill automatically when working in Next.js projects that have `cacheComponents: true` in their next.config.ts/next.config.js. When this config is detected, proactively apply Cache Components patterns and best practices to all React Server Component implementations. **DETECTION**: At the start of a session in a Next.js project, check for `cacheComponents: true` in next.config. If enabled, this skill's patterns should guide all component authoring, data fetching, and caching decisions. **USE CASES**: Implementing 'use cache' directive, configuring cache lifetimes with cacheLife(), tagging cached data with cacheTag(), invalidating caches with updateTag()/revalidateTag(), optimizing static vs dynamic content boundaries, debugging cache issues, and reviewing Cache Component implementations.