π¦ ClawHub
API credentials hygiene
by @kowl64
Audits and hardens API credential handling (env vars, separation, rotation plan, least privilege, auditability). Use when integrating services or preparing production deployments where secrets must be managed safely.
TERMINAL
clawhub install api-credentials-hygieneπ About This Skill
name: api-credentials-hygiene description: Audits and hardens API credential handling (env vars, separation, rotation plan, least privilege, auditability). Use when integrating services or preparing production deployments where secrets must be managed safely.
API credentials hygiene: env vars, rotation, least privilege, auditability
PURPOSE
Audits and hardens API credential handling (env vars, separation, rotation plan, least privilege, auditability).WHEN TO USE
INPUTS
OUTPUTS
.env template (placeholders only).WORKFLOW
1. Inventory credentials: - where stored, where used, and who owns them. 2. Define separation: - dev vs prod; human vs service accounts; per-integration boundaries. 3. Move secrets to env vars / secret manager references: - create an env var map and update config plan (no raw keys in code/workflows). 4. Least privilege: - for each API, enumerate required actions and reduce scopes/roles accordingly. 5. Rotation plan: - dual-key overlap if supported; steps to rotate with minimal downtime; rollback. 6. Auditability: - define what events are logged (auth failures, token refresh, key use where available). 7. STOP AND ASK THE USER if: - required operations are unknown, - secret injection method is unclear, - rotation cadence/owners are unspecified.OUTPUT FORMAT
Credential map template:CREDENTIAL MAP
Integration:
- Env vars:
- : (secret/non-secret)
- Permissions/scopes:
- Used by:
- Storage:
- Rotation: | |
- Audit:
If providing a template, output assets/dotenv-template.example with placeholders only.