manage_secrets
Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for this persona's environment.
Best use case
manage_secrets is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using manage_secrets should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/manage-secrets/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How manage_secrets Compares
| Feature / Agent | manage_secrets | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Set or update environment secrets via the set-secret GitHub Actions workflow. Use when the user asks to update, rotate, or set a secret/token/API key for this persona's environment.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Manage Secrets — Self-Service Secret Updates
Trigger the `set-secret.yml` workflow in the env repo to set or update an environment secret for this persona. The workflow decrypts the SOPS-encrypted `secrets.yaml`, injects the key/value under `envSecrets`, re-encrypts, and pushes the change — which triggers a deploy.
## Required Environment Variables
- `AGENT_GITHUB_PAT` — a fine-grained PAT with Actions write permission on the env repo. There is no fallback; the PAT must be present.
- `MANAGE_SECRETS_GITHUB_REPO` — the GitHub `owner/repo` of the env repo that contains `set-secret.yml` (e.g., `myorg/myapp-env`).
```bash
if [[ -z "$AGENT_GITHUB_PAT" ]]; then
  echo "ERROR: AGENT_GITHUB_PAT is not set. Cannot authenticate to trigger set-secret workflow." >&2
  exit 1
fi
if [[ -z "$MANAGE_SECRETS_GITHUB_REPO" ]]; then
  echo "ERROR: MANAGE_SECRETS_GITHUB_REPO is not set. Cannot determine target repo." >&2
  exit 1
fi
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
```
## Trigger Set-Secret
```bash
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
# Replace the quoted placeholders; unquoted <...> would be parsed as a shell redirect.
gh workflow run set-secret.yml \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  -f persona="<PERSONA>" \
  -f secret_key="<KEY>" \
  -f secret_value="<VALUE>"
```
Where:
- `<PERSONA>` is this agent's persona name. Determine it from the Tailscale hostname (`tailscale status --self --json | jq -r .Self.HostName` → strip the `moltbot-` prefix) or the Kubernetes namespace (`moltbot-<persona>`)
- `<KEY>` must match `^[A-Z][A-Z0-9_]*$` (e.g., `TELEGRAM_BOT_TOKEN`, `GOOGLE_API_KEY`)
- `<VALUE>` is the secret value to set
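
A wrapper that applies the checks above before dispatching, as an added example that is not part of the original SKILL.md. It validates the key against the stated pattern, derives the persona from a `moltbot-<persona>` name, and passes the value on stdin through gh's `-F key=@-` syntax so it stays out of the process argument list; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: client-side checks before dispatching set-secret.yml.
# Function names are hypothetical; the workflow still enforces its own rules.

# Accept only keys matching ^[A-Z][A-Z0-9_]*$ (the pattern given for <KEY>).
# Runs in a subshell with LC_ALL=C so [A-Z] means ASCII uppercase only.
valid_secret_key() (
    LC_ALL=C
    case "$1" in
        '' | [!A-Z]* | *[!A-Z0-9_]*) exit 1 ;;
    esac
    exit 0
)

# Derive the persona from a hostname or namespace of the form moltbot-<persona>.
# Fails when the prefix is missing or nothing follows it, so an unexpected
# host name never silently targets some other persona.
persona_from_name() {
    case "$1" in
        moltbot-?*) printf '%s\n' "${1#moltbot-}" ;;
        *) return 1 ;;
    esac
}

# Dispatch with the secret value read from stdin: "-F secret_value=@-" tells gh
# to read the field from standard input, keeping it out of argv and history.
# Usage: printf '%s' "$value" | dispatch_set_secret <persona> <KEY>
dispatch_set_secret() {
    if [ -z "${AGENT_GITHUB_PAT:-}" ] || [ -z "${MANAGE_SECRETS_GITHUB_REPO:-}" ]; then
        echo "ERROR: AGENT_GITHUB_PAT and MANAGE_SECRETS_GITHUB_REPO must be set." >&2
        return 1
    fi
    if ! valid_secret_key "$2"; then
        echo "ERROR: secret key must match ^[A-Z][A-Z0-9_]*\$" >&2
        return 2
    fi
    GITHUB_TOKEN="$AGENT_GITHUB_PAT" gh workflow run set-secret.yml \
        --repo "$MANAGE_SECRETS_GITHUB_REPO" \
        -f persona="$1" \
        -f secret_key="$2" \
        -F secret_value=@-
}

# Typical interactive use in bash (value typed at a hidden prompt):
#   host=$(tailscale status --self --json | jq -r .Self.HostName)
#   persona=$(persona_from_name "$host") || exit 1
#   read -rs -p "Value: " v && printf '%s' "$v" | dispatch_set_secret "$persona" TELEGRAM_BOT_TOKEN
```

Use `printf '%s'` rather than `echo` when piping the value, so no trailing newline becomes part of the stored secret.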
## Monitor Workflow Status
After triggering, wait a few seconds then check status:
```bash
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
gh run list \
  --repo "$MANAGE_SECRETS_GITHUB_REPO" \
  --workflow set-secret.yml \
  --limit 3
```
To watch a specific run until completion:
```bash
export GITHUB_TOKEN="$AGENT_GITHUB_PAT"
# Replace the quoted placeholder with the run ID shown by `gh run list`.
gh run watch "<RUN_ID>" \
  --repo "$MANAGE_SECRETS_GITHUB_REPO"
```
## RBAC
The workflow enforces an RBAC matrix that maps GitHub usernames to allowed personas. Each persona's GitHub user can only set secrets for its own persona; admin users have wildcard access to all personas. Check the `set-secret.yml` workflow source for the current RBAC matrix.
Example RBAC structure:
```json
{
  "admin-user": ["*"],
  "bot-user[bot]": ["*"],
  "persona-a-user": ["persona-a"],
  "persona-b-user": ["persona-b"]
}
```
## Important Notes
- The workflow runs with `concurrency: { group: set-secret, cancel-in-progress: false }` — concurrent dispatches are serialized, not cancelled
- The secret key must already be a valid uppercase env var name; the workflow rejects invalid formats
- After the workflow commits, it pushes to `main`, which triggers the deploy workflow for the affected persona
- `AGENT_GITHUB_PAT` and `MANAGE_SECRETS_GITHUB_REPO` must be set in the environment; the skill has no fallback
- If the secret value is unchanged, the workflow exits cleanly with no commit