secret-portal
Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.
Best use case
secret-portal is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.
Teams using secret-portal should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/secret-portal/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How secret-portal Compares
| Feature / Agent | secret-portal | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Spin up a one-time web UI for securely entering secret keys and env vars. Supports guided instructions, single-key mode, and cloudflared tunneling.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
# Secret Portal Spin up a temporary, one-time-use web UI for securely entering secret keys and environment variables. No secrets ever touch chat history or terminal logs. ## Quick Start ```bash # Single key with cloudflared tunnel (recommended) uv run --with secret-portal secret-portal \ -k API_KEY_NAME \ -f ~/.secrets/target-env-file \ --tunnel cloudflared # With guided instructions and a link to the key's console uv run --with secret-portal secret-portal \ -k OPENAI_API_KEY \ -f ~/.env \ -i '<strong>Get your key:</strong><ol><li>Go to platform.openai.com</li><li>Click API Keys</li><li>Create new key</li></ol>' \ -l "https://platform.openai.com/api-keys" \ --link-text "Open OpenAI dashboard →" \ --tunnel cloudflared # Multi-key mode (no -k flag, user enters key names and values) uv run --with secret-portal secret-portal \ -f ~/.secrets/keys.env \ --tunnel cloudflared ``` ## Options | Flag | Description | |------|-------------| | `-k, --key` | Pre-populate a single key name (user only enters the value) | | `-f, --env-file` | Path to save secrets to (default: `~/.env`) | | `-i, --instructions` | HTML instructions shown above the input field | | `-l, --link` | URL button for where to get/create the key | | `--link-text` | Label for the link button (default: "Open console →") | | `--tunnel` | `cloudflared` (recommended), `ngrok`, or `none` | | `-p, --port` | Port to bind to (default: random) | | `--timeout` | Seconds before auto-shutdown (default: 300) | ## Tunneling **Use `--tunnel cloudflared`** — it's free, requires no account, has no interstitial pages, provides HTTPS, and auto-downloads the binary if missing. ngrok free tier shows an interstitial warning page that blocks mobile and automated use. Without a tunnel, the port must be open in your firewall/security group. The CLI will warn you if it detects the port is unreachable. ## Security - One-time use: portal expires after a single submission - Token auth: URL contains a random 32-byte token - Secret values are **never** printed to stdout/stderr (enforced by tests) - Env file is written with `600` permissions (owner-only) - Secrets never touch chat history or terminal logs ## Source https://github.com/Olafs-World/secret-portal
Related Skills
devtools-secrets
Knowledge and guardrails for the mise + fnox + infisical secrets toolchain. Use when the user asks to "configure secrets", "set up fnox", "infisical", "mise env", "secrets management", "environment variables for secrets", or mentions secret injection, secret providers, or env var hygiene.
secrets-scan
Detect hardcoded secrets (API keys, tokens, passwords) in text or code
secretclaw
Securely input API keys and sensitive values into OpenClaw without typing them in chat. Uses a local HTTP server + Cloudflare Tunnel to serve an HTTPS form. Use when registering API keys, tokens, passwords, or any sensitive config values.
Private Secrets Skill
用于安全存储和管理你的私密信息(如 API Key、密码、令牌等)。
aws-secrets-scanner
Detect hardcoded secrets, exposed API keys, and credential misconfigurations in IaC and config files
env-secrets-manager
Env & Secrets Manager
secretcodex
Generate creative code names and encode/decode secret messages using classic and sophisticated ciphers. Blends nostalgic decoder ring fun with modern cryptographic techniques. Includes Caesar, Vigenère, Polybius, Rail Fence, and hybrid methods. Provides keys for secure message sharing between trusted parties.
doro-git-secrets-scanner
Git 安全扫描器 - 检查提交中的敏感信息泄露(API keys、密码、token)
secret-exposure-gate
在发布前检查目录中是否含秘钥、token、私有 URL、证书片段或凭证文件。;use for secrets, security, preflight workflows;do not use for 显示完整密钥值, 修改用户文件.
---
name: article-factory-wechat
humanizer
Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.
find-skills
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.