Manage Kubernetes Secrets
Skill · Active

Implement secure secrets management in Kubernetes using SealedSecrets for GitOps, External Secrets Operator for cloud secret managers, and rotation strategies. Handle TLS certificates, API keys, and credentials with encryption at rest and RBAC controls. Use when storing sensitive configuration for Kubernetes applications, implementing GitOps where secrets must be version-controlled, integrating with AWS Secrets Manager or Azure Key Vault, rotating credentials without downtime, or migrating from plaintext Secrets to encrypted solutions.
To enable users to implement production-grade, secure secrets management within Kubernetes environments, covering the full lifecycle from initial setup to automated rotation and access control.
Features
- Implement secrets encryption at rest
- Configure Sealed Secrets for GitOps
- Integrate with cloud secret managers
- Automate TLS certificate management
- Implement secret rotation strategies
- Enforce RBAC for secret access control
Use cases
- Storing sensitive configuration for Kubernetes applications
- Implementing GitOps with version-controlled secrets
- Integrating with AWS Secrets Manager, Azure Key Vault, GCP Secret Manager
- Rotating credentials and certificates without downtime
- Migrating from plaintext Secrets to encrypted solutions
Non-goals
- Managing secrets outside of Kubernetes or integrated cloud providers
- Handling application-specific secret rotation logic directly (relies on external tools/app behavior)
- Providing a UI for secrets management
Documentation
- info: Configuration & parameter reference. While the procedure section details steps, explicit documentation of all parameters for specific tools like Helm charts or cloud provider CLIs is not provided within the SKILL.md.
Code Execution
- warning: Validation. While CLI commands and Kubernetes manifests are used, explicit schema validation libraries (like Zod or Pydantic) for all input arguments and structured output are not detailed in the SKILL.md.
- info: Error handling. The SKILL.md provides basic failure scenarios and recovery steps for some operations, but detailed structured error reporting for every path is not explicitly outlined.
Errors
- info: Actionable error messages. The SKILL.md outlines common failure modes and recovery steps for some operations, but it does not consistently provide a structured format (what, why, remediation) for all potential errors.
Scope
- info: Dry-run preview. While `kubectl --dry-run` is mentioned for creating secrets, a universal `--dry-run` flag for all state-changing operations orchestrated by the skill is not explicitly detailed.
Protocol
- info: Idempotent retry & timeouts. The skill orchestrates standard Kubernetes and cloud operations; while many of these are inherently idempotent or have retry mechanisms, explicit guidance on per-call timeouts and idempotency for all custom steps is not provided.
Practical Utility
- info: Edge cases. The SKILL.md addresses some failure modes and common pitfalls (e.g., secrets in Git history, RBAC issues), but comprehensive documentation of all potential edge cases and recovery steps for every operation is not present.
Safety
- info: Halt on unexpected state. The SKILL.md mentions potential failure modes and recovery steps, but it does not explicitly state a requirement for machine-readable checklists for preconditions or an automatic halt on unexpected pre-state.
Install

/plugin install agent-almanac@pjt222-agent-almanac

Quality score

Similar extensions
K8s Manifest Generator (score 100)
Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

Ship Gate (score 100)
Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Secrets Management (score 100)
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Setup Container Registry (score 99)
Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.

Implement GitOps Workflow (score 98)
Implement GitOps continuous delivery using Argo CD or Flux with app-of-apps pattern, automated sync policies, drift detection, and multi-environment promotion. Manage Kubernetes deployments declaratively from Git with automated reconciliation. Use when implementing declarative infrastructure management, migrating from imperative kubectl commands to Git-driven deployments, setting up multi-environment promotion workflows, enforcing code review gates for production, or meeting audit and compliance requirements.

OpenClaw Release Maintainer (score 100)
Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.