redshift
Manage application secrets with the Redshift CLI (https://redshiftapp.com) — decentralized, encrypted secret management built on Nostr. Use when setting, getting, deleting, listing, uploading, or downloading secrets, injecting secrets into commands, configuring projects/environments, or authenticating with Nostr keys. Covers redshift secrets, redshift run, redshift setup, redshift login, and related commands.
Best use case
redshift is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Manage application secrets with the Redshift CLI (https://redshiftapp.com) — decentralized, encrypted secret management built on Nostr. Use when setting, getting, deleting, listing, uploading, or downloading secrets, injecting secrets into commands, configuring projects/environments, or authenticating with Nostr keys. Covers redshift secrets, redshift run, redshift setup, redshift login, and related commands.
Teams using redshift should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/redshift/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How redshift Compares
| Feature / Agent | redshift | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Manage application secrets with the Redshift CLI (https://redshiftapp.com) — decentralized, encrypted secret management built on Nostr. Use when setting, getting, deleting, listing, uploading, or downloading secrets, injecting secrets into commands, configuring projects/environments, or authenticating with Nostr keys. Covers redshift secrets, redshift run, redshift setup, redshift login, and related commands.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
# Redshift Decentralized secret management via the `redshift` CLI. Secrets are client-side encrypted (NIP-59 Gift Wrap) and stored on Nostr relays — no central server. Project homepage: https://redshiftapp.com ## Key concepts - **Project** (`-p`): a project slug (e.g. `backend`, `myapp`) - **Config/Environment** (`-c`): an environment slug (e.g. `dev`, `staging`, `production`) - **redshift.yaml**: per-directory project config created by `redshift setup` - When `-p`/`-c` are omitted, Redshift reads from `redshift.yaml` in the current directory ## Security considerations - Never pass secret values directly on the command line in shared/logged environments — prefer `redshift secrets set` interactively or pipe from stdin - Use `REDSHIFT_NSEC` / `REDSHIFT_BUNKER` env vars for CI/CD rather than CLI flags - Avoid `redshift serve --host 0.0.0.0` unless you intend to expose the web UI to the network — default `127.0.0.1` is localhost-only - All encryption is client-side; secrets never leave the device unencrypted - Private keys are stored in the system keychain, not in plaintext config files ## Authentication ```bash redshift login # Interactive (recommended) redshift login --nsec nsec1... # Direct private key (use env var in CI instead) redshift login --bunker "bunker://pubkey?relay=wss://relay.example&secret=xxx" # NIP-46 (ALWAYS quote the URL) redshift login --connect # Generate NostrConnect URI for bunker app redshift me # Check current identity redshift logout # Clear credentials ``` CI/CD: set `REDSHIFT_NSEC` or `REDSHIFT_BUNKER` env vars instead of `redshift login`. These should be stored in your CI platform's secret management (e.g. GitHub Actions secrets), never hardcoded. ## Project setup ```bash redshift setup # Interactive redshift setup -p myapp -c production # Non-interactive redshift setup --no-interactive -p app -c dev # Strict non-interactive ``` Creates `redshift.yaml` with project, environment, and relay list. ## Secrets ```bash # List all redshift secrets # Redacted values redshift secrets --raw # Show plaintext values redshift secrets --json # JSON output redshift secrets --only-names # Names only # Get redshift secrets get API_KEY redshift secrets get API_KEY --plain # Raw value, no formatting redshift secrets get API_KEY --copy # Copy to clipboard redshift secrets get KEY1 KEY2 # Multiple keys # Set redshift secrets set API_KEY sk_live_xxx redshift secrets set API_KEY '123' DB_URL 'postgres://...' # Multiple at once # Delete redshift secrets delete OLD_KEY redshift secrets delete KEY1 KEY2 -y # Skip confirmation # Download redshift secrets download ./secrets.json # JSON (default) redshift secrets download --format=env --no-file # Print .env to stdout redshift secrets download --format=env ./secrets.env # Save as .env file # Formats: json, env, yaml, docker, env-no-quotes # Upload redshift secrets upload secrets.env ``` Override project/environment on any secrets command with `-p` / `-c`: ```bash redshift secrets -p backend -c production --raw redshift secrets set -p myapp -c staging FEATURE_FLAG true ``` ## Run with secrets injected **Important:** Only run commands the user has explicitly requested. Never construct arbitrary commands to pass to `redshift run`. Always confirm the command with the user before executing. ```bash redshift run -- npm start redshift run -- python app.py redshift run --command "npm start && npm test" redshift run -p myapp -c prod -- docker-compose up # Mount secrets to a file instead of env vars redshift run --mount secrets.json -- cat secrets.json redshift run --mount secrets.env --mount-format env -- cat secrets.env # Fallback for offline mode redshift run --fallback ./fallback.json -- npm start redshift run --fallback-only -- npm start # Read only from fallback # Preserve existing env values for specific keys redshift run --preserve-env PORT,HOST -- npm start ``` ## Configuration ```bash redshift configure # Show config redshift configure --all # Show all saved options redshift configure get project # Get specific option redshift configure set project=myapp # Set option redshift configure unset project # Remove option redshift configure reset --yes # Reset to initial state ``` ## Web UI ```bash redshift serve # http://127.0.0.1:3000 (localhost only) redshift serve --port 8080 --open # Custom port, auto-open browser redshift serve --host 0.0.0.0 # ⚠️ Exposes to network — use with caution ``` ## Global flags | Flag | Short | Description | |------------------|-------|-------------------------------| | `--help` | `-h` | Show help | | `--version` | `-v` | Show version | | `--json` | | JSON output | | `--silent` | | Suppress info messages | | `--debug` | | Verbose debug output | | `--config-dir` | | Override config dir (~/.redshift) | ## Environment variables | Variable | Description | |------------------------|--------------------------------------------------| | `REDSHIFT_NSEC` | Private key for CI/CD (bypasses interactive login)| | `REDSHIFT_BUNKER` | NIP-46 bunker URL for CI/CD (alternative to nsec) | | `REDSHIFT_CONFIG_DIR` | Override config directory (default: ~/.redshift) | ## Important notes - Always quote bunker URLs (`--bunker "bunker://..."`) — shell interprets `&` otherwise - Secret values with spaces or special chars should be quoted - Complex values (objects/arrays) are auto-JSON-stringified when injected by `redshift run`
Related Skills
---
name: article-factory-wechat
humanizer
Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.
find-skills
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
tavily-search
Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the web. Requires Tavily API key.
baidu-search
Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.
agent-autonomy-kit
Stop waiting for prompts. Keep working.
Meeting Prep
Never walk into a meeting unprepared again. Your agent researches all attendees before calendar events—pulling LinkedIn profiles, recent company news, mutual connections, and conversation starters. Generates a briefing doc with talking points, icebreakers, and context so you show up informed and confident. Triggered automatically before meetings or on-demand. Configure research depth, advance timing, and output format. Walking into meetings blind is amateur hour—missed connections, generic small talk, zero leverage. Use when setting up meeting intelligence, researching specific attendees, generating pre-meeting briefs, or automating your prep workflow.
self-improvement
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
botlearn-healthcheck
botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers on system check, health report, diagnostics, or scheduled heartbeat inspection.
linkedin-cli
A bird-like LinkedIn CLI for searching profiles, checking messages, and summarizing your feed using session cookies.
notebooklm
Google NotebookLM 非官方 Python API 的 OpenClaw Skill。支持内容生成(播客、视频、幻灯片、测验、思维导图等)、文档管理和研究自动化。当用户需要使用 NotebookLM 生成音频概述、视频、学习材料或管理知识库时触发。
小红书长图文发布 Skill
## 概述