This skill helps you implement and validate env secret detector workflows, delivering production-ready configurations and best-practice security guidance.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill env-secret-detector

SKILL.md
---
name: "env-secret-detector"
description: |
  Detect env secret detector operations. Auto-activating skill for Security Fundamentals.
  Triggers on: env secret detector, env secret detector
  Part of the Security Fundamentals skill category. Use when working with env secret detector functionality. Trigger with phrases like "env secret detector", "env detector", "env".
allowed-tools: "Read, Write, Grep, Bash(npm:*)"
version: 1.0.0
license: MIT
author: "Jeremy Longshore <[email protected]>"
---

# Env Secret Detector

## Overview

This skill provides automated assistance for env secret detector tasks within the Security Fundamentals domain.

## When to Use

This skill activates automatically when you:
- Mention "env secret detector" in your request
- Ask about env secret detector patterns or best practices
- Need help with essential security skills covering authentication, input validation, secure coding practices, and basic vulnerability detection.

## Instructions

1. Provides step-by-step guidance for env secret detector
2. Follows industry best practices and patterns
3. Generates production-ready code and configurations
4. Validates outputs against common standards

## Examples

**Example: Basic Usage**
Request: "Help me with env secret detector"
Result: Provides step-by-step guidance and generates appropriate configurations


## Prerequisites

- Relevant development environment configured
- Access to necessary tools and services
- Basic understanding of security fundamentals concepts


## Output

- Generated configurations and code
- Best practice recommendations
- Validation results


## Error Handling

| Error | Cause | Solution |
|-------|-------|----------|
| Configuration invalid | Missing required fields | Check documentation for required parameters |
| Tool not found | Dependency not installed | Install required tools per prerequisites |
| Permission denied | Insufficient access | Verify credentials and permissions |


## Resources

- Official documentation for related tools
- Best practices guides
- Community examples and tutorials

## Related Skills

Part of the **Security Fundamentals** skill category.
Tags: security, authentication, validation, owasp, secure-coding

Overview

This skill detects and guides remediation of secrets and sensitive values exposed in environment configurations. It is an auto-activating security helper for Security Fundamentals that provides practical checks, configuration suggestions, and remediation steps to reduce secret leakage risk. Use it when working on environment files, CI/CD variables, or deployment configs.

How this skill works

The skill scans environment files, CI/CD variable definitions, and deployment manifests for patterns that indicate secrets (API keys, tokens, passwords, private keys). It flags likely exposures, ranks findings by severity, and generates remediation actions such as rotation, encryption, or moving secrets to a secrets manager. It also provides sample configurations and validation checks aligned with common security standards.

When to use it

  • When you suspect secrets are stored in .env, config files, or source control
  • When preparing CI/CD pipelines and you need to secure environment variables
  • When auditing deployments for leaked credentials or misconfigured secrets
  • When you need quick remediation steps for exposed tokens or keys
  • When validating that environment handling follows security best practices

Best practices

  • Avoid storing secrets in plaintext files; use a secrets manager or encrypted store
  • Use short-lived tokens and rotate credentials immediately when exposure is detected
  • Limit environment variable scope and follow least-privilege for service accounts
  • Add automated scanning in CI to prevent commits with secrets
  • Mask or redact secrets in logs and error reports

Example use cases

  • Scan a repository to find accidental commits of .env files or API keys
  • Review CI pipeline variables to identify hard-coded credentials and suggest migration to a vault
  • Produce a remediation plan after a detected token leak, including rotation steps
  • Generate environment configuration examples that use secrets managers and secure access controls
  • Validate that deployment manifests do not expose private keys or database passwords

FAQ

Can the detector produce automated fixes?

It suggests concrete fixes and produces sample configs and scripts, but automated rotation or commits require user approval and appropriate credentials.

Which secret patterns does it detect?

It looks for common API key formats, bearer tokens, private key blocks, base64-encoded blobs, and high-entropy strings that match secret-like patterns.
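
The pattern scan described under "How this skill works" and in the answer above, as an added Python example that is not the skill's own code: it applies private-key, bearer-token and entropy rules to a constructed .env sample, ranks findings by severity and redacts values in the report. The regexes, the 20-character and 4.0-bit thresholds, the severity mapping and all function names are assumptions of this example.

```python
import math
import re

# Constructed sample .env content; every value below is made up for this example.
SAMPLE_ENV = """\
# app settings
APP_ENV=production
DB_PASSWORD=hunter2
API_TOKEN=q9Zt4LxW7vB2nK8pR3sY6uD1fH5jM0aC
AUTH_HEADER="Bearer abcDEF123456ghiJKL789012"
TLS_KEY="-----BEGIN RSA PRIVATE KEY-----"
"""

# Rules, thresholds and severity ranks are assumptions, not the skill's own rule set.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
BEARER = re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*")
RANK = {"high": 0, "medium": 1, "low": 2}

def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def redact(value):
    """Show four characters of long values only, so reports never echo a secret."""
    return value[:4] + "****" if len(value) >= 12 else "****"

def scan_env(text, min_len=20, min_entropy=4.0):
    """Return (line_no, key, rule, severity, redacted) tuples, most severe first."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"^export\s+", "", key.strip())
        value = value.strip().strip("'\"")
        if PRIVATE_KEY.search(value):
            hit = ("private-key-block", "high")
        elif BEARER.search(value):
            hit = ("bearer-token", "high")
        elif len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            hit = ("high-entropy-string", "high" if SECRET_NAME.search(key) else "medium")
        elif value and SECRET_NAME.search(key):
            hit = ("secret-named-key", "low")
        else:
            continue
        findings.append((no, key, hit[0], hit[1], redact(value)))
    return sorted(findings, key=lambda f: (RANK[f[3]], f[0]))
```

Short passwords such as the `DB_PASSWORD` value fall below the entropy rule and are caught only by the key-name rule, which is why name-based and value-based checks are combined.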