From role-devops
Secrets management expertise covering HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, SOPS, Kubernetes sealed secrets, rotation policies, zero-trust injection, environment variable management, and CI/CD secrets handling.
npx claudepluginhub rnavarych/alpha-engineer --plugin role-devopsThis skill is limited to using the following tools:
- Setting up or auditing a centralized secret store (Vault, cloud-native, or SOPS)
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Guides implementation of event-driven hooks in Claude Code plugins using prompt-based validation and bash commands for PreToolUse, Stop, and session events.
references/vault-cloud-sops.md — Core principles, HashiCorp Vault HA/auto-unseal/KV v2/dynamic secrets/Kubernetes auth/audit backend, AWS Secrets Manager and GCP Secret Manager resource policies and rotation, SOPS encryption with KMS/PGP and Helm secrets plugin, Bitnami Sealed Secrets with kubeseal and key rotation schedule, rotation policy schedules by secret type (DB/API/TLS/SSH/tokens)references/injection-cicd.md — Zero-trust runtime injection patterns, Vault Agent Injector annotations, CSI Secret Store Driver SecretProviderClass, file-based injection preference rationale, startup env var validation pattern, GitHub Secrets and GitLab CI Variables scoping, OIDC federation for AWS and GCP from GitHub Actions/GitLab CI, CI log masking verification.env files excluded from version control