Apply Juicebox security best practices. Use when securing API keys, implementing access controls, or auditing Juicebox integration security. Trigger with phrases like "juicebox security", "secure juicebox", "juicebox API key security", "juicebox access control".
/plugin marketplace add jeremylongshore/claude-code-plugins-plus-skills/plugin install juicebox-pack@claude-code-plugins-plusThis skill is limited to using the following tools:
Implement security best practices for Juicebox API integration.
NEVER do this:
// BAD - hardcoded API key
const client = new JuiceboxClient({
apiKey: 'jb_prod_xxxxxxxxxxxxxxxxx'
});
DO this instead:
// GOOD - environment variable
const client = new JuiceboxClient({
apiKey: process.env.JUICEBOX_API_KEY
});
For production, use secret managers:
// AWS Secrets Manager
import { SecretsManager } from '@aws-sdk/client-secrets-manager';
async function getApiKey(): Promise<string> {
const client = new SecretsManager({ region: 'us-east-1' });
const secret = await client.getSecretValue({
SecretId: 'juicebox/api-key'
});
return JSON.parse(secret.SecretString!).apiKey;
}
// Google Secret Manager
import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
async function getApiKey(): Promise<string> {
const client = new SecretManagerServiceClient();
const [version] = await client.accessSecretVersion({
name: 'projects/my-project/secrets/juicebox-api-key/versions/latest'
});
return version.payload!.data!.toString();
}
// middleware/juicebox-auth.ts
export function requireJuiceboxAccess(requiredScope: string) {
return async (req: Request, res: Response, next: NextFunction) => {
const user = req.user;
if (!user) {
return res.status(401).json({ error: 'Authentication required' });
}
const hasScope = user.permissions.includes(`juicebox:${requiredScope}`);
if (!hasScope) {
return res.status(403).json({ error: 'Insufficient permissions' });
}
next();
};
}
// Usage
app.get('/api/search',
requireJuiceboxAccess('search:read'),
async (req, res) => {
// ... search logic
}
);
// lib/audit-logger.ts
export class JuiceboxAuditLogger {
async logAccess(event: AuditEvent): Promise<void> {
const entry = {
timestamp: new Date().toISOString(),
userId: event.userId,
action: event.action,
resource: event.resource,
ip: event.ip,
userAgent: event.userAgent,
success: event.success,
metadata: event.metadata
};
await db.auditLogs.insert(entry);
// Alert on suspicious activity
if (this.isSuspicious(event)) {
await this.sendAlert(entry);
}
}
private isSuspicious(event: AuditEvent): boolean {
return (
event.action === 'bulk_export' ||
event.metadata?.resultCount > 1000 ||
this.isOffHours()
);
}
}
// lib/data-privacy.ts
export class DataPrivacyHandler {
// Redact PII before logging
redactPII(profile: Profile): RedactedProfile {
return {
...profile,
email: this.maskEmail(profile.email),
phone: profile.phone ? '***-***-' + profile.phone.slice(-4) : undefined
};
}
// Track data access for compliance
async recordDataAccess(
userId: string,
profileIds: string[],
purpose: string
): Promise<void> {
await db.dataAccessLog.insert({
userId,
profileIds,
purpose,
timestamp: new Date(),
retentionExpiry: addDays(new Date(), 90)
});
}
// Handle data deletion requests
async handleDeletionRequest(requestId: string): Promise<void> {
// Remove from local cache/storage
// Log compliance action
// Notify relevant systems
}
}
## Juicebox Security Audit Checklist
### API Key Management
- [ ] API keys stored in secret manager
- [ ] No hardcoded keys in code
- [ ] Keys rotated every 90 days
- [ ] Separate keys for dev/staging/prod
### Access Control
- [ ] Role-based access implemented
- [ ] Principle of least privilege
- [ ] Regular access reviews
### Logging & Monitoring
- [ ] All API calls logged
- [ ] Audit trail maintained
- [ ] Anomaly detection enabled
- [ ] Alerts configured
### Data Privacy
- [ ] PII handling documented
- [ ] Data retention policy
- [ ] GDPR/CCPA compliance
- [ ] Deletion request workflow
| Security Issue | Detection | Response |
|---|---|---|
| Key exposure | Git scanning | Rotate immediately |
| Unauthorized access | Audit logs | Revoke access |
| Data breach | Monitoring | Incident response |
After security setup, see juicebox-prod-checklist for deployment readiness.
This skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.