Initial commit

This commit is contained in:
Zhongwei Li
2025-11-30 08:19:59 +08:00
commit 7872cd6ad6
11 changed files with 427 additions and 0 deletions


@@ -0,0 +1,15 @@
{
"name": "secrets-manager-integrator",
"description": "Integrate with secrets managers (Vault, AWS Secrets Manager, etc)",
"version": "1.0.0",
"author": {
"name": "Claude Code Plugins",
"email": "[email protected]"
},
"skills": [
"./skills"
],
"commands": [
"./commands"
]
}

3
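--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# secrets-manager-integrator
+Integrate with secrets managers (Vault, AWS Secrets Manager, etc)
+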

@@ -0,0 +1,25 @@
---
description: $(echo "$description" | cut -d' ' -f1-5)
---
# $(echo "$name" | sed 's/-/ /g' | sed 's/\b\(.\)/\u\1/g')
$(echo "$description")
## Key Features
- Production-ready configurations
- Best practices implementation
- Security-first approach
- Scalable architecture
- Comprehensive documentation
- Multi-platform support
## Example Usage
This plugin generates complete configurations for your DevOps needs.
Specify your requirements and get production-ready code instantly.
## When Invoked
Generate configurations and setup code based on your specific requirements and infrastructure needs.
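Review bot: The `description:` line in the frontmatter and the `#` heading line still hold literal shell substitutions (`$(echo "$description" | cut -d' ' -f1-5)`, `$(echo "$name" | sed …)`, `$(echo "$description")`), which suggests the generator template was committed before expansion, so a consumer reading this file sees the command text rather than the command's description. The expanded values are already on this commit in the manifest: `description: Integrate with secrets managers (Vault, AWS Secrets Manager, etc)`, `# Secrets Manager Integrator`, and the plain description sentence in place of the third substitution. Command-substitution syntax is also worth keeping out of prompt files on its own, since any tooling that expands such a file through a shell would run it.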

73
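--- /dev/null
+++ b/plugin.lock.json
@@ -0,0 +1,73 @@
+{
+"$schema": "internal://schemas/plugin.lock.v1.json",
+"pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/devops/secrets-manager-integrator",
+"normalized": {
+"repo": null,
+"ref": "refs/tags/v20251128.0",
+"commit": "a8e399b0ab8e779de726153fa1f001f215907766",
+"treeHash": "0c733a18af6a4a0088b0eb1ede7d66b934ab8dd4eab200d08af8aedec0482816",
+"generatedAt": "2025-11-28T10:18:43.393205Z",
+"toolVersion": "publish_plugins.py@0.2.0"
+},
+"origin": {
+"remote": "git@github.com:zhongweili/42plugin-data.git",
+"branch": "master",
+"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+},
+"manifest": {
+"name": "secrets-manager-integrator",
+"description": "Integrate with secrets managers (Vault, AWS Secrets Manager, etc)",
+"version": "1.0.0"
+},
+"content": {
+"files": [
+{
+"path": "README.md",
+"sha256": "3b235007fa9dc6b1dc31cc4a0c3cbf1604fc823df483d82fb72ec5c05de668be"
+},
+{
+"path": ".claude-plugin/plugin.json",
+"sha256": "d13a9dfc15257e604613c059496e76f8075db3c4131a806a4546c9e01d09ce8b"
+},
+{
+"path": "commands/secrets-integrate.md",
+"sha256": "353f80054a90cda1e6716da3628115ce829307fbbb83a15b64f1d37c96224a99"
+},
+{
+"path": "skills/secrets-manager-integrator/SKILL.md",
+"sha256": "45f6bad263d9fb99c200e171f90d71c08714f04ae91daf6c72ce4e7fb2622b81"
+},
+{
+"path": "skills/secrets-manager-integrator/references/README.md",
+"sha256": "29fb4610482f5b83b917cdc898dfc3ea9632f8274327a61f466399cdc36ca895"
+},
+{
+"path": "skills/secrets-manager-integrator/scripts/README.md",
+"sha256": "992d751097a0e4227bc0b1031fcd07487ebb2c1e651673e5def0d5a791277cfc"
+},
+{
+"path": "skills/secrets-manager-integrator/assets/vault_config_template.hcl",
+"sha256": "bea81e1b9abf36477d5c18add62a8e8d9a7dca6e0e3674e454f657e1433d4ef5"
+},
+{
+"path": "skills/secrets-manager-integrator/assets/README.md",
+"sha256": "1023b658c063dea5feb463f730686ee1fcd10ed0a9115a6548b9968c82b4ac9a"
+},
+{
+"path": "skills/secrets-manager-integrator/assets/example_secrets.yaml",
+"sha256": "652f120853908cd66d6b90a6b51fc7f1b1ccf04f06aa8aaa5df603093d8131c3"
+},
+{
+"path": "skills/secrets-manager-integrator/assets/aws_iam_policy_template.json",
+"sha256": "70eac4057e7af6a19e326bd007516964d91e00efec69743224aeb27d7a169f10"
+}
+],
+"dirSha256": "0c733a18af6a4a0088b0eb1ede7d66b934ab8dd4eab200d08af8aedec0482816"
+},
+"security": {
+"scannedAt": null,
+"scannerVersion": null,
+"flags": []
+}
+}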

@@ -0,0 +1,55 @@
---
name: integrating-secrets-managers
description: |
This skill enables Claude to seamlessly integrate with various secrets managers like HashiCorp Vault and AWS Secrets Manager. It generates configurations and setup code, ensuring best practices for secure credential management. Use this skill when you need to manage sensitive information, generate production-ready configurations, or implement a security-first approach for your DevOps infrastructure. Trigger terms include "integrate secrets manager", "configure Vault", "AWS Secrets Manager setup", "manage credentials securely", or requests for secure configuration generation.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
version: 1.0.0
---
## Overview
This skill empowers Claude to automate the integration of secrets managers into your infrastructure. It generates the necessary configuration files and setup code, ensuring a secure and efficient workflow for managing sensitive credentials.
## How It Works
1. **Identify Requirements**: Claude analyzes the user's request to determine the specific secrets manager and desired configurations.
2. **Generate Configuration**: Based on the identified requirements, Claude generates the appropriate configuration files (e.g., Vault policies, AWS IAM roles) and setup code.
3. **Provide Instructions**: Claude provides clear instructions on how to deploy and configure the generated code and integrate it into the existing infrastructure.
## When to Use This Skill
This skill activates when you need to:
- Integrate HashiCorp Vault into your infrastructure.
- Set up AWS Secrets Manager for secure credential storage.
- Generate configuration files for managing secrets.
- Implement best practices for secrets management.
## Examples
### Example 1: Integrating Vault with a Kubernetes Cluster
User request: "Integrate Vault with my Kubernetes cluster for managing database credentials."
The skill will:
1. Generate Vault policies for accessing database credentials.
2. Create Kubernetes service accounts with appropriate annotations for Vault integration.
3. Provide instructions for deploying the Vault agent injector to the Kubernetes cluster.
### Example 2: Setting up AWS Secrets Manager for API Keys
User request: "Set up AWS Secrets Manager to securely store API keys for my application."
The skill will:
1. Generate an IAM role with permissions to access AWS Secrets Manager.
2. Create a Secrets Manager secret containing the API keys.
3. Provide code snippets for retrieving the API keys from Secrets Manager within the application.
## Best Practices
- **Least Privilege**: Generate configurations that grant only the necessary permissions for accessing secrets.
- **Secure Storage**: Ensure that secrets are stored securely within the chosen secrets manager.
- **Regular Rotation**: Implement a strategy for regularly rotating secrets to minimize the impact of potential breaches.
## Integration
This skill can be used in conjunction with other skills for deploying applications, configuring infrastructure, and automating DevOps workflows. It provides a secure foundation for managing sensitive information across your entire infrastructure.
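Review bot: Example 2, step 2 (`2. Create a Secrets Manager secret containing the API keys.`) reads as if the skill itself writes the key values into generated files or commands, which puts live credentials into the transcript and into artifacts that may be committed, and sits oddly next to the Least Privilege and Secure Storage items under Best Practices. Suggest rewording it to `2. Generate the command or code that creates the secret, with the key value read from the environment or entered at run time rather than embedded in the output.` The `allowed-tools` line grants `Bash` and `Write` to a skill whose stated job is generating configuration text; either document in the Overview what shell execution is needed for, or drop the grant, so the tool list matches the skill's own least-privilege guidance.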


@@ -0,0 +1,7 @@
# Assets
Bundled resources for secrets-manager-integrator skill
- [ ] vault_config_template.hcl: A template for Vault configuration files.
- [ ] aws_iam_policy_template.json: A template for AWS IAM policies for secrets management.
- [ ] example_secrets.yaml: Example secrets file for demonstration purposes.


@@ -0,0 +1,75 @@
{
"_comment": "AWS IAM Policy Template for Secrets Manager Integrator Plugin",
"Version": "2012-10-17",
"Statement": [
{
"_comment": "Allow access to specific secrets in AWS Secrets Manager. Replace <region>, <account-id>, and <secret-name> with your actual values.",
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Resource": [
"arn:aws:secretsmanager:<region>:<account-id>:secret/<secret-name>-*",
"arn:aws:secretsmanager:<region>:<account-id>:secret/<secret-name>"
]
},
{
"_comment": "Allow decryption of secrets encrypted with a specific KMS key. Replace <region>, <account-id>, and <kms-key-alias> with your actual values.",
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
"arn:aws:kms:<region>:<account-id>:key/<kms-key-alias>"
],
"Condition": {
"StringEquals": {
"kms:ViaService": "secretsmanager.<region>.amazonaws.com"
}
}
},
{
"_comment": "Allow listing of secrets within a specified region. Use with caution as it grants broad access. Consider removing or restricting this for production environments.",
"Effect": "Allow",
"Action": [
"secretsmanager:ListSecrets"
],
"Resource": [
"*"
]
},
{
"_comment": "Optional: Allow creating secrets. Remove if not needed. Requires `secretsmanager:CreateSecret` permission.",
"Effect": "Allow",
"Action": [
"secretsmanager:CreateSecret"
],
"Resource": [
"arn:aws:secretsmanager:<region>:<account-id>:secret/*"
]
},
{
"_comment": "Optional: Allow deleting secrets. Remove if not needed. Requires `secretsmanager:DeleteSecret` permission.",
"Effect": "Allow",
"Action": [
"secretsmanager:DeleteSecret",
"secretsmanager:RestoreSecret"
],
"Resource": [
"arn:aws:secretsmanager:<region>:<account-id>:secret/*"
]
},
{
"_comment": "Optional: Allow updating secrets. Remove if not needed. Requires `secretsmanager:UpdateSecret` permission.",
"Effect": "Allow",
"Action": [
"secretsmanager:UpdateSecret",
"secretsmanager:PutSecretValue"
],
"Resource": [
"arn:aws:secretsmanager:<region>:<account-id>:secret/*"
]
}
]
}
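Review bot: Every `Resource` line writes the Secrets Manager ARN as `…:secret/<secret-name>`, but Secrets Manager resource ARNs use a colon before the name (`arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>-<suffix>`), so as written none of the allow statements match a real secret and the policy grants nothing; the same applies to the `secret/*` wildcards in the optional Create/Delete/Update statements, and the second read ARN without the `-*` suffix never matches because the service appends a random suffix to every secret's ARN. The `_comment` keys at the top level and inside each statement are a second blocker: the IAM policy validator rejects elements it does not recognize, so the template will not attach until those notes move into `Sid` values or out of the document. Two smaller points: the KMS resource is `key/<kms-key-alias>`, but a `key/` ARN carries a key ID, so the placeholder should be `<kms-key-id>` (an alias ARN is `alias/<alias-name>` and is not a valid grant target here); and the optional write statements should be scoped to `secret:<secret-name>-*` rather than `secret:*`, consistent with the read statement's least-privilege scope.
```json
"Statement": [
  {
    "Sid": "ReadNamedSecret",
    "Effect": "Allow",
    "Action": [
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret"
    ],
    "Resource": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>-*"
  },
  {
    "Sid": "DecryptViaSecretsManager",
    "Effect": "Allow",
    "Action": "kms:Decrypt",
    "Resource": "arn:aws:kms:<region>:<account-id>:key/<kms-key-id>",
    "Condition": {
      "StringEquals": {
        "kms:ViaService": "secretsmanager.<region>.amazonaws.com"
      }
    }
  }
  // … unchanged apart from the same secret:<secret-name>-* ARN fix and a Sid replacing each _comment: ListSecrets, CreateSecret, DeleteSecret/RestoreSecret, UpdateSecret/PutSecretValue …
]
```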


@@ -0,0 +1,96 @@
# Example secrets configuration file for the secrets-manager-integrator plugin.
# This file demonstrates how to configure connections to different secrets managers.
# Global configuration settings
global:
# Default secrets manager to use if not specified in a specific operation.
# Valid options: vault, aws_secrets_manager, azure_key_vault, google_secret_manager, file
default_manager: vault
# Enable debug logging (true/false)
debug: false
# Configuration for connecting to HashiCorp Vault
vault:
# Enable or disable Vault integration (true/false)
enabled: true
# Vault server address (e.g., https://vault.example.com:8200)
address: "https://REPLACE_ME_VAULT_ADDRESS:8200"
# Authentication method to use. Valid options: token, app_role, kubernetes
auth_method: token
# Token-based authentication configuration
token:
# Vault token to use for authentication
token: "YOUR_VAULT_TOKEN_HERE"
# AppRole-based authentication configuration (if auth_method is app_role)
app_role:
role_id: "YOUR_VAULT_ROLE_ID_HERE"
secret_id: "YOUR_VAULT_SECRET_ID_HERE"
# Kubernetes-based authentication configuration (if auth_method is kubernetes)
kubernetes:
role: "YOUR_VAULT_K8S_ROLE_HERE"
service_account_path: "/var/run/secrets/kubernetes.io/serviceaccount/token"
# Path prefix for secrets (e.g., secret/)
secret_path_prefix: "secret/"
# Configuration for connecting to AWS Secrets Manager
aws_secrets_manager:
# Enable or disable AWS Secrets Manager integration (true/false)
enabled: false
# AWS region (e.g., us-east-1)
region: "YOUR_AWS_REGION_HERE"
# AWS Access Key ID (optional, if not using IAM role)
aws_access_key_id: "REPLACE_ME_AWS_ACCESS_KEY_ID"
# AWS Secret Access Key (optional, if not using IAM role)
aws_secret_access_key: "REPLACE_ME_AWS_SECRET_ACCESS_KEY"
# ARN of the IAM role to assume (optional, for enhanced security)
role_arn: "YOUR_AWS_ROLE_ARN_HERE"
# Prefix for secrets (e.g., /my-app/)
secret_prefix: "/my-app/"
# Configuration for Azure Key Vault
azure_key_vault:
# Enable or disable Azure Key Vault integration (true/false)
enabled: false
# Azure Key Vault URL (e.g., https://my-key-vault.vault.azure.net/)
vault_url: "https://YOUR_KEY_VAULT_NAME.vault.azure.net/"
# Azure Tenant ID
tenant_id: "YOUR_AZURE_TENANT_ID_HERE"
# Azure Client ID (Application ID)
client_id: "YOUR_AZURE_CLIENT_ID_HERE"
# Azure Client Secret (Application Secret)
client_secret: "YOUR_AZURE_CLIENT_SECRET_HERE"
# Configuration for Google Cloud Secret Manager
google_secret_manager:
# Enable or disable Google Cloud Secret Manager integration (true/false)
enabled: false
# Google Cloud Project ID
project_id: "YOUR_GOOGLE_PROJECT_ID_HERE"
# Path to the Google Cloud service account key file (JSON)
credentials_path: "/path/to/your/google/credentials.json"
# Configuration for File-based secrets (for testing/development only!)
file:
# Enable or disable File integration (true/false)
enabled: false
# Path to the secrets file (YAML or JSON)
path: "/path/to/your/secrets.yaml"
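Review bot: The provider blocks carry inline credential fields (`token:` under vault, `secret_id`, `aws_access_key_id`/`aws_secret_access_key`, `client_secret`), and only the placeholder text keeps this example from becoming a committed credential file once someone fills it in; a header comment stating the rule would help, for example `# Never put real values in this file: supply credentials through environment variables or the platform identity mechanism (IAM role, Kubernetes auth, workload identity) and keep any populated copy out of version control.` The placeholders also mix two conventions (`REPLACE_ME_…` and `YOUR_…_HERE`); settling on one makes them easy to grep for before a deploy. Every key in this section renders at column 0, so the nesting under `global:`, `vault:` and `token:` is not visible here — if that is the committed content rather than a rendering artifact, the file does not parse as the structure the comments describe.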


@@ -0,0 +1,64 @@
# Vault Configuration File Template
# This file provides a basic template for configuring Vault.
# Modify the values below to suit your specific environment.
# Refer to the Vault documentation for detailed explanations of each parameter:
# https://www.vaultproject.io/docs/configuration
storage "raft" {
path = "/opt/vault/data" # Adjust this path to your desired storage location.
node_id = "vault-node-1" # Unique identifier for this Vault node.
# Raft configuration options (optional, but recommended for production):
# - retry_join: Attempts to join the cluster on startup if initial join fails.
# - snapshot_threshold: Number of logs before a snapshot is taken.
# - snapshot_interval: Interval between snapshots.
# - leader_transfer_interval: Interval after which a leader will attempt to transfer leadership.
#
# Example:
# retry_join {
# leader_api_addr = "http://vault-node-2:8200" # Address of another Vault node in the cluster.
# }
# snapshot_threshold = 8192
# snapshot_interval = "2m"
# leader_transfer_interval = "5s"
}
listener "tcp" {
address = "0.0.0.0:8200" # Change to your desired listening address.
tls_disable = true # Disable TLS for development/testing purposes ONLY.
# ENABLE TLS FOR PRODUCTION. See TLS configuration below.
# tls_cert_file = "/opt/vault/tls/vault.crt" # Path to the TLS certificate.
# tls_key_file = "/opt/vault/tls/vault.key" # Path to the TLS key.
}
# Optional: Configure TLS for secure communication.
# listener "tcp" {
# address = "0.0.0.0:8200" # Change to your desired listening address.
# tls_cert_file = "/opt/vault/tls/vault.crt" # Path to the TLS certificate.
# tls_key_file = "/opt/vault/tls/vault.key" # Path to the TLS key.
# }
telemetry {
# Enable metrics gathering (optional). Consider enabling for production environments.
# - StatsD: A popular open-source metrics aggregator.
# - Prometheus: A popular open-source monitoring solution.
#
# Example (StatsD):
# statsd_address = "127.0.0.1:9125"
# Example (Prometheus):
# prometheus_retention_time = "1h"
disable_hostname = true # Prevent hostname from being included in metrics.
}
ui = true # Enable the Vault UI. Disable if you are managing Vault programmatically only.
# Example of an audit log. Enable for production environments.
# audit "file" {
# path = "/opt/vault/audit.log" # Adjust this path to your desired audit log location.
# file_hmac_algorithm = "sha256"
# hmac_accessor = true
# }
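Review bot: The active `listener "tcp"` block binds `0.0.0.0:8200` with `tls_disable = true`, so the template's out-of-the-box state is a Vault API reachable on every interface in plaintext, with the secure variant present only as a commented-out second listener. Safer to invert the defaults: keep `tls_cert_file` and `tls_key_file` live and leave `# tls_disable = true` commented next to the existing dev-only note, so a user opts into plaintext rather than out of it. The commented `audit "file"` stanza at the end is not a server-configuration block as far as I know — audit devices are enabled against a running server with `vault audit enable file file_path=…` — so that example should say so instead of implying it belongs in this file. With `storage "raft"`, Vault also expects `api_addr` and `cluster_addr` to be set (integrated storage refuses to start without a cluster address, as far as I recall); a placeholder for each would save a failed first start.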


@@ -0,0 +1,7 @@
# References
Bundled resources for secrets-manager-integrator skill
- [ ] vault_api_documentation.md: Comprehensive documentation for HashiCorp Vault API.
- [ ] aws_secrets_manager_best_practices.md: Best practices for using AWS Secrets Manager securely.
- [ ] secrets_manager_comparison.md: A comparison of different secrets managers (Vault, AWS Secrets Manager, Azure Key Vault).


@@ -0,0 +1,7 @@
# Scripts
Bundled resources for secrets-manager-integrator skill
- [ ] vault_config_generator.py: Generates Vault configuration files based on user inputs.
- [ ] aws_secrets_manager_setup.sh: Sets up AWS Secrets Manager with necessary permissions and configurations.
- [ ] secrets_rotation.py: Automates secrets rotation for enhanced security.