How does it protect against accidental secret leaks?

It implements always-on hooks that block write operations containing hardcoded API keys and prevents bash commands from exporting bare secrets.

Does it check if my local tools are installed correctly?

Yes, the skill performs toolchain validation and provides specific installation commands if mise, fnox, or Infisical are missing from your system.

Can I use this skill to set up a new project?

Yes, the skill can guide you through initializing fnox, connecting Infisical, and configuring mise environment plugins for a secure start.

Is .infisical.json safe to commit to Git?

Yes, .infisical.json contains project and workspace IDs but no actual secrets, making it safe to commit for team collaboration.

What tools does the DevTools Secrets skill support?

This skill specifically supports the integration of mise (task runner), fnox (secret interface), and Infisical (secrets backend) for a unified workflow.

DevTools Secrets Manager

Name: DevTools Secrets Manager
Author: basher83

bybasher83

•

Security & Testing

Orchestrates and secures development environments using the mise, fnox, and Infisical secrets management toolchain.

About

The DevTools Secrets skill provides specialized knowledge and automated guardrails for developers using the mise, fnox, and Infisical stack. It helps configure unified secret interfaces, validates local tool availability, and manages the integration chain between remote secret backends and local task runners. By enforcing strict security hygiene through active hooks that block hardcoded credentials and unsafe exports, this skill ensures that sensitive environment variables are handled correctly across development, staging, and production environments.

Key Features

Active security hooks to block hardcoded API keys and sensitive tokens in code
13 GitHub stars
Real-time project configuration state analysis for fnox.toml and .infisical.json
Prevention of unsafe environment variable exports via bash command monitoring
Automated toolchain validation for mise, fnox, and Infisical installations
Integration guidance for wrapping mise tasks with fnox for secure secret injection

Use Cases

Setting up fnox to abstract multiple secret backends into a single local CLI interface
Auditing local development environments for secret leaks and missing security configurations
Configuring a new project to use Infisical as a centralized remote secrets provider

About

Key Features

Active security hooks to block hardcoded API keys and sensitive tokens in code
13 GitHub stars
Real-time project configuration state analysis for fnox.toml and .infisical.json
Prevention of unsafe environment variable exports via bash command monitoring
Automated toolchain validation for mise, fnox, and Infisical installations
Integration guidance for wrapping mise tasks with fnox for secure secret injection

Use Cases

Setting up fnox to abstract multiple secret backends into a single local CLI interface
Auditing local development environments for secret leaks and missing security configurations
Configuring a new project to use Infisical as a centralized remote secrets provider