What file permissions does the skill apply?

It strictly enforces 700 permissions for the ./secrets directory and 600 permissions for individual secret files, ensuring they are only accessible by the specific owner and not the root user.

How does it handle containers that don't natively support Docker secrets?

The skill can generate custom docker-entrypoint.sh scripts to safely load secret files into environment variables at runtime for applications that do not support the _FILE suffix.

Can this skill detect secrets already committed to my repository?

Yes, it includes auditing capabilities to scan git history, configuration files, and environment variables for potential leaks or exposed credentials that need to be removed or rotated.

Why should I use this skill instead of just using a .env file?

Plaintext .env files are often accidentally committed to git and lack fine-grained permission controls. This skill migrates credentials to Docker secrets, which are stored in a protected directory and handled securely by the container runtime.

Does it support secret rotation?

Yes, the skill can generate new secure values, update your docker-compose.yml definitions, and verify the new configuration to facilitate seamless credential rotation.

GitLab Stack Secrets Manager | Claude Code Skill

The GitLab Stack Secrets Manager is a specialized skill for Claude Code designed to enforce security best practices for project credentials within containerized environments. It automates the entire lifecycle of Docker secrets—from cryptographically secure generation and permission management to comprehensive auditing for credential leaks in .env or docker-compose.yml files. By centralizing secrets in a protected directory and automating the migration of plaintext variables, this skill helps developers maintain production-grade security standards and prevent accidental exposure in version control systems.

Key Features

01Automated migration of plaintext environment variables to secure Docker secrets

02Detailed validation reports identifying critical security vulnerabilities and required actions

03Comprehensive security auditing to detect exposed credentials in config files and git history

04Strict permission enforcement (700/600) and ownership validation for secret storage

055 GitHub stars

06Cryptographically secure secret generation with support for Hex, Base64, and UUID formats

Use Cases

01Performing security audits on GitLab stack repositories to ensure no API keys or passwords are leaked

02Migrating legacy Docker projects from vulnerable .env files to secure Docker secrets architecture

03Generating and rotating production-grade credentials for databases, JWTs, and third-party services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rknall/claude-skills secrets-manager

For use in Claude.ai and ChatGPT

Download Skill