{"id":"8c89941a-024a-44d3-b3d7-2dc416331501","shortId":"d3zga5","kind":"skill","title":"vault","tagline":"Encrypted secrets vault for AI coding agents. Store API keys, passwords, and tokens with `age` (public-key encryption) and `sops` (encrypted YAML secrets files). Never plaintext.","description":"# vault\n\nKeep your secrets encrypted. API keys, passwords, tokens -- locked in a vault that only you can open. Your AI agent gets secrets when it needs them, then forgets them.\n\n**Script:** `./scripts/vault.sh`\n**Setup:** `./scripts/setup.sh` (run once, takes 30 seconds)\n\n---\n\n## Setup\n\n```bash\ncd /path/to/skills/vault\n./scripts/setup.sh\n```\n\n- **Claude Code:** copy this skill folder into `.claude/skills/vault/`\n- **Codex CLI:** append this SKILL.md content to your project's root `AGENTS.md`\n\nFor the full installation walkthrough (prerequisites, verification, troubleshooting), see [references/installation-guide.md](references/installation-guide.md).\n\n## Staying Updated\n\nThis skill ships with an `UPDATES.md` changelog and `UPDATE-GUIDE.md` for your AI agent.\n\nAfter installing, tell your agent: \"Check `UPDATES.md` in the vault skill for any new features or changes.\"\n\nWhen updating, tell your agent: \"Read `UPDATE-GUIDE.md` and apply the latest changes from `UPDATES.md`.\"\n\nFollow `UPDATE-GUIDE.md` so customized local files are diffed before any overwrite.\n\n---\n\n## Why this matters\n\nRight now, your secrets probably live in a `.env` file. Plain text. Anyone who can see your files -- a colleague, a stolen laptop, a backup that leaks, an AI agent that goes rogue -- reads every secret you have.\n\nThis vault encrypts them. Even if someone copies your entire hard drive, they can't read your secrets without your encryption key. And your AI agent only sees secrets for the instant it needs them -- they never sit in memory or get written to a file.\n\n**Before (plaintext .env):**\n```text\nOPENAI_API_KEY=sk-abc123-real-key-here     <- anyone can read this\nDATABASE_URL=postgres://admin:password@...  <- sitting in plain text\nSTRIPE_SECRET=sk_live_...                   <- one leak away from disaster\n```\n\n**After (encrypted vault):**\n```text\nOPENAI_API_KEY: ENC[AES256_GCM,data:8f3k2...]   <- gibberish without your key\nDATABASE_URL: ENC[AES256_GCM,data:j4m9x...]      <- encrypted at rest\nSTRIPE_SECRET: ENC[AES256_GCM,data:p2w7n...]     <- safe even if file leaks\n```\n\nThe flow: `secret -> encrypt -> vault -> agent needs it -> decrypt to memory -> use -> forget`\n\n---\n\n## Quick Start\n\nThree steps. That's it.\n\n### 1. Run setup\n\n```bash\ncd path/to/this/skill\n./scripts/setup.sh\n```\n\nThis installs the encryption tools (if needed), creates your vault, and generates your encryption key. One command, done.\n\n### 2. Add a secret\n\n```bash\n./scripts/vault.sh set MY_API_KEY \"sk-your-actual-key\"\n```\n\n### 3. Get it back\n\n```bash\n./scripts/vault.sh get MY_API_KEY\n```\n\nYour vault is working. Secrets are encrypted on disk, decrypted only when you ask for them.\n\n---\n\n## Commands\n\n```bash\nVAULT=\"./scripts/vault.sh\"\n\n# Store a secret\n$VAULT set API_KEY \"sk-abc123\"\n\n# Retrieve a secret (outputs to stdout, no trailing newline)\n$VAULT get API_KEY\n\n# List all secret names (not their values)\n$VAULT list\n\n# Export all secrets to your current shell\neval \"$($VAULT source)\"\n\n# Run a command with secrets injected as env vars\n$VAULT exec node server.js\n\n# Check that vault works\n$VAULT verify\n\n# Full health check (tools, permissions, encryption test)\n$VAULT doctor\n\n# First-time setup\n$VAULT setup\n\n# Help for any command\n$VAULT get --help\n$VAULT set --help\n$VAULT exec --help\n$VAULT doctor --help\n```\n\nEvery command has `--help`. When something goes wrong, error messages tell you what happened and what to do.\n\n---\n\n## For AI agents\n\nThis is the pattern for injecting secrets into AI agent workflows.\n\n### Pattern 1: Variable assignment\n\n```bash\n# Agent needs one secret for a specific command\nexport TOKEN=$(./scripts/vault.sh get MY_API_KEY)\ncurl -H \"Authorization: Bearer $TOKEN\" https://api.example.com\nunset TOKEN\n```\n\n### Pattern 2: Source all secrets\n\n```bash\n# Load everything into the current shell\neval \"$(./scripts/vault.sh source)\"\n# Now all secrets are available as env vars\necho $MY_API_KEY  # available\necho $DATABASE_URL  # available\n```\n\n### Pattern 3: Scoped execution\n\n```bash\n# Run a command with secrets -- they don't leak to the parent shell\n./scripts/vault.sh exec python my_script.py\n# Secrets are gone after the command finishes\n```\n\n**Pattern 3 is the safest.** Secrets exist only for the duration of the command. They don't linger in your shell's environment. Prefer this when possible.\n\n### Agent safety rules\n\n- Never write secrets to files that get committed to git\n- Never include secrets in prompts or logs\n- Prefer `vault.sh exec` over `eval \"$(vault.sh source)\"` when possible\n- After using `eval source`, clean up with `unset` for sensitive vars\n\n---\n\n## Configuration\n\nAll paths are configurable via environment variables:\n\n| Variable | Default | What it controls |\n|----------|---------|-----------------|\n| `VAULT_DIR` | `~/.shit` | Where the vault lives |\n| `VAULT_FILE` | `$VAULT_DIR/vault.enc.yaml` | The encrypted secrets file |\n| `SOPS_AGE_KEY_FILE` | `$VAULT_DIR/.age-identity` | Your encryption key |\n\n**Customize the vault path.** The default (`~/.shit`) is intentionally misleading -- it's an extra layer of obscurity on top of the real encryption. Pick something that makes sense for your setup. Some options:\n\n```bash\n# In your shell profile (~/.zshrc or ~/.bashrc):\nexport VAULT_DIR=\"$HOME/.config/vault\"     # conventional\nexport VAULT_DIR=\"$HOME/.cache/.internal\"   # hidden in cache\nexport VAULT_DIR=\"$HOME/.local/secrets\"     # descriptive\n```\n\nThen re-run setup: `VAULT_DIR=\"$HOME/.config/vault\" ./scripts/setup.sh`\n\n---\n\n## How it works (under the hood)\n\nTwo tools do the heavy lifting:\n\n- **age** -- Modern encryption. Creates a key pair (public + private). Your secrets are encrypted with the public key and can only be decrypted with the private key. No passwords to remember.\n- **sops** -- Wraps age to encrypt individual fields in a YAML file. Each secret value is encrypted separately, but key names stay visible (so you can see what's in the vault without decrypting).\n\nThe vault directory looks like this:\n\n```text\n~/.shit/                    chmod 700 (only you can access)\n  .age-identity             Your encryption key (chmod 600)\n  vault.enc.yaml            Your encrypted secrets\n  .sops.yaml                Config telling sops which key to use\n```\n\n**Key security facts:**\n- Secrets are encrypted with X25519 (the elliptic-curve key-exchange algorithm Signal uses)\n- Decrypted values only exist in memory -- stdout, pipes, env vars\n- Nothing writes plaintext to disk, ever\n- The `vault.sh` script validates all input to prevent injection attacks\n- File permissions are checked and auto-fixed on every operation\n\n---\n\n## What this protects against (and what it doesn't)\n\n**Protected:**\n- Casual file browsing (encrypted, not readable)\n- Accidental git commits (encrypted file is safe to commit, though not recommended)\n- Laptop theft (encrypted without the key is useless)\n- AI agent data exfiltration (secrets aren't in plaintext files)\n- Plaintext exposure in logs or backups\n\n**NOT protected:**\n- Someone with access to your logged-in user account (they can run vault.sh)\n- Physical access to your unlocked computer\n- Malware running as your user (it can read the key file)\n- Key compromise (if someone gets `.age-identity`, they get everything)\n\n**Bottom line:** This is dramatically better than `.env` files. It's not a replacement for a dedicated secrets manager in production infrastructure (use HashiCorp Vault, AWS Secrets Manager, etc. for that). It's for your development machine, your personal API keys, your local credentials.\n\n---\n\n## Error Handling\n\n| Problem | Solution |\n|---------|----------|\n| `sops not found` | `brew install sops` (Mac) or see [sops install guide](https://github.com/getsops/sops#install) |\n| `age not found` | `brew install age` (Mac) or see [age install guide](https://github.com/FiloSottile/age#installation) |\n| `jq not found` | `brew install jq` (Mac) or `sudo apt install jq` (Linux) |\n| `Age identity not found` | Run `./scripts/setup.sh` to create it |\n| `Vault decrypted but no secrets found` | Normal for a fresh vault -- add a secret with `vault.sh set` |\n| `Failed to set key` | Check that key name uses only letters, digits, and underscores |\n| `Key not found` | Run `vault.sh list` to see available keys |\n| `Permission denied` | Run `vault.sh doctor` to check and fix permissions |\n| Everything broken | Run `vault.sh doctor` -- it checks everything and tells you what's wrong |\n\n---\n\n## Anti-Patterns\n\n| Do NOT | Do instead |\n|--------|------------|\n| Store secrets in `.env` plaintext files | Store secrets with `./scripts/vault.sh set ...` |\n| Leave secrets exported in shell for long sessions | Prefer `./scripts/vault.sh exec <command>` for scoped access |\n| Print secrets to logs or command history | Use env vars and avoid echoing secret values |\n| Commit decrypted outputs or temp files | Keep secrets encrypted at rest and out of git |\n| Skip `vault.sh doctor` when setup fails | Run `vault.sh doctor` first, then fix reported issues |\n\n---\n\n## Bundled Resources Index\n\n| Path | What | When to load |\n|------|------|-------------|\n| `./references/installation-guide.md` | Detailed install walkthrough for Claude Code and Codex CLI | First-time setup or environment repair |\n| `./scripts/vault.sh` | Vault CLI -- the main interface | Always |\n| `./scripts/setup.sh` | First-time setup script | Initial setup only |","tags":["vault","fieldwork","skills","buildoak","agent-skills","ai-agents","ai-tools","automation","browser-automation","claude-code","claude-skills","codex"],"capabilities":["skill","source-buildoak","skill-vault","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-automation","topic-browser-automation","topic-claude-code","topic-claude-skills","topic-codex"],"categories":["fieldwork-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/buildoak/fieldwork-skills/vault","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add buildoak/fieldwork-skills","source_repo":"https://github.com/buildoak/fieldwork-skills","install_from":"skills.sh"}},"qualityScore":"0.457","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 15 github stars · SKILL.md body (9,345 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T01:02:14.084Z","embedding":null,"createdAt":"2026-04-18T23:07:18.107Z","updatedAt":"2026-04-23T01:02:14.084Z","lastSeenAt":"2026-04-23T01:02:14.084Z","tsv":"'/.bashrc':767 '/.shit':705,733,876 '/.zshrc':765 '/filosottile/age#installation)':1131 '/getsops/sops#install)':1116 '/path/to/skills/vault':71 '/references/installation-guide.md':1303 '/scripts/setup.sh':62,72,346,793,1150,1327 '/scripts/vault.sh':60,370,385,409,549,575,612,1235,1246,1320 '1':340,535 '2':365,563 '3':380,595,624 '30':66 '600':890 '700':878 '8f3k2':293 'abc123':257,419 'access':882,1014,1027,1250 'accident':974 'account':1021 'actual':378 'add':366,1165 'admin':267 'aes256':290,301,311 'age':16,719,806,838,884,1049,1117,1122,1126,1145 'age-ident':883,1048 'agent':8,49,118,123,140,193,227,325,522,532,539,650,995 'agents.md':92 'ai':6,48,117,192,226,521,531,994 'algorithm':918 'alway':1326 'anti':1220 'anti-pattern':1219 'anyon':176,261 'api':10,34,253,287,373,388,415,431,552,587,1093 'api.example.com':559 'append':83 'appli':144 'apt':1141 'aren':999 'ask':403 'assign':537 'attack':946 'author':556 'auto':953 'auto-fix':952 'avail':581,589,593,1193 'avoid':1262 'aw':1079 'away':279 'back':383 'backup':188,1009 'bash':69,343,369,384,407,538,567,598,760 'bearer':557 'better':1059 'bottom':1054 'brew':1105,1120,1135 'broken':1206 'brows':970 'bundl':1295 'cach':779 'casual':968 'cd':70,344 'chang':135,147 'changelog':112 'check':124,465,473,950,1175,1201,1211 'chmod':877,889 'claud':73,1308 'claude/skills/vault':80 'clean':683 'cli':82,1312,1322 'code':7,74,1309 'codex':81,1311 'colleagu':183 'command':363,406,454,489,503,546,601,621,636,1256 'commit':660,976,982,1266 'compromis':1044 'comput':1031 'config':896 'configur':690,694 'content':86 'control':702 'convent':772 'copi':75,209 'creat':354,809,1152 'credenti':1097 'curl':554 'current':447,572 'curv':914 'custom':153,727 'data':292,303,313,996 'databas':265,298,591 'decrypt':328,399,827,868,921,1155,1267 'dedic':1070 'default':699,732 'deni':1196 'descript':784 'detail':1304 'develop':1089 'dif':157 'digit':1182 'dir':704,770,775,782,791 'dir/.age-identity':723 'dir/vault.enc.yaml':713 'directori':871 'disast':281 'disk':398,935 'doctor':479,500,1199,1209,1283,1289 'doesn':965 'done':364 'dramat':1058 'drive':213 'durat':633 'echo':585,590,1263 'ellipt':913 'elliptic-curv':912 'enc':289,300,310 'encrypt':2,20,23,33,204,222,283,305,323,350,360,396,476,715,725,749,808,818,840,851,887,893,908,971,977,988,1274 'entir':211 'env':172,250,459,583,929,1061,1229,1259 'environ':645,696,1318 'error':510,1098 'etc':1082 'eval':449,574,674,681 'even':206,316 'ever':936 'everi':198,502,956 'everyth':569,1053,1205,1212 'exchang':917 'exec':462,497,613,672,1247 'execut':597 'exfiltr':997 'exist':629,924 'export':442,547,768,773,780,1239 'exposur':1005 'extra':740 'fact':905 'fail':1171,1286 'featur':133 'field':842 'file':26,155,173,181,247,318,657,711,717,721,846,947,969,978,1003,1042,1062,1231,1271 'finish':622 'first':481,1290,1314,1329 'first-tim':480,1313,1328 'fix':954,1203,1292 'flow':321 'folder':78 'follow':150 'forget':57,332 'found':1104,1119,1134,1148,1159,1187 'fresh':1163 'full':95,471 'gcm':291,302,312 'generat':358 'get':50,243,381,386,430,491,550,659,1047,1052 'gibberish':294 'git':662,975,1280 'github.com':1115,1130 'github.com/filosottile/age#installation)':1129 'github.com/getsops/sops#install)':1114 'goe':195,508 'gone':618 'guid':1113,1128 'h':555 'handl':1099 'happen':515 'hard':212 'hashicorp':1077 'health':472 'heavi':804 'help':486,492,495,498,501,505 'hidden':777 'histori':1257 'home/.cache/.internal':776 'home/.config/vault':771,792 'home/.local/secrets':783 'hood':799 'ident':885,1050,1146 'includ':664 'index':1297 'individu':841 'infrastructur':1075 'initi':1333 'inject':457,528,945 'input':942 'instal':96,120,348,1106,1112,1121,1127,1136,1142,1305 'instant':233 'instead':1225 'intent':735 'interfac':1325 'issu':1294 'j4m9x':304 'jq':1132,1137,1143 'keep':30,1272 'key':11,19,35,223,254,259,288,297,361,374,379,389,416,432,553,588,720,726,811,822,831,854,888,900,903,916,991,1041,1043,1094,1174,1177,1185,1194 'key-exchang':915 'laptop':186,986 'latest':146 'layer':741 'leak':190,278,319,607 'leav':1237 'letter':1181 'lift':805 'like':873 'line':1055 'linger':640 'linux':1144 'list':433,441,1190 'live':169,276,709 'load':568,1302 'local':154,1096 'lock':38 'log':669,1007,1018,1254 'logged-in':1017 'long':1243 'look':872 'mac':1108,1123,1138 'machin':1090 'main':1324 'make':753 'malwar':1032 'manag':1072,1081 'matter':163 'memori':241,330,926 'messag':511 'mislead':736 'modern':807 'my_script.py':615 'name':436,855,1178 'need':54,235,326,353,540 'never':27,238,653,663 'new':132 'newlin':428 'node':463 'normal':1160 'noth':931 'obscur':743 'one':277,362,541 'open':46 'openai':252,286 'oper':957 'option':759 'output':423,1268 'overwrit':160 'p2w7n':314 'pair':812 'parent':610 'password':12,36,268,833 'path':692,730,1298 'path/to/this/skill':345 'pattern':526,534,562,594,623,1221 'permiss':475,948,1195,1204 'person':1092 'physic':1026 'pick':750 'pipe':928 'plain':174,271 'plaintext':28,249,933,1002,1004,1230 'possibl':649,678 'prefer':646,670,1245 'prerequisit':98 'prevent':944 'print':1251 'privat':814,830 'probabl':168 'problem':1100 'product':1074 'profil':764 'project':89 'prompt':667 'protect':960,967,1011 'public':18,813,821 'public-key':17 'python':614 'quick':333 're':787 're-run':786 'read':141,197,217,263,1039 'readabl':973 'real':258,748 'recommend':985 'references/installation-guide.md':102,103 'rememb':835 'repair':1319 'replac':1067 'report':1293 'resourc':1296 'rest':307,1276 'retriev':420 'right':164 'rogu':196 'root':91 'rule':652 'run':63,341,452,599,788,1024,1033,1149,1188,1197,1207,1287 'safe':315,980 'safest':627 'safeti':651 'scope':596,1249 'script':59,939,1332 'second':67 'secret':3,25,32,51,167,199,219,230,274,309,322,368,394,412,422,435,444,456,529,542,566,579,603,616,628,655,665,716,816,848,894,906,998,1071,1080,1158,1167,1227,1233,1238,1252,1264,1273 'secur':904 'see':101,179,229,861,1110,1125,1192 'sens':754 'sensit':688 'separ':852 'server.js':464 'session':1244 'set':371,414,494,1170,1173,1236 'setup':61,68,342,483,485,757,789,1285,1316,1331,1334 'shell':448,573,611,643,763,1241 'ship':108 'signal':919 'sit':239,269 'sk':256,275,376,418 'sk-abc123':417 'sk-abc123-real-key-here':255 'sk-your-actual-key':375 'skill':77,107,129 'skill-vault' 'skill.md':85 'skip':1281 'solut':1101 'someon':208,1012,1046 'someth':507,751 'sop':22,718,836,898,1102,1107,1111 'sops.yaml':895 'sourc':451,564,576,676,682 'source-buildoak' 'specif':545 'start':334 'stay':104,856 'stdout':425,927 'step':336 'stolen':185 'store':9,410,1226,1232 'stripe':273,308 'sudo':1140 'take':65 'tell':121,138,512,897,1214 'temp':1270 'test':477 'text':175,251,272,285,875 'theft':987 'though':983 'three':335 'time':482,1315,1330 'token':14,37,548,558,561 'tool':351,474,801 'top':745 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-automation' 'topic-browser-automation' 'topic-claude-code' 'topic-claude-skills' 'topic-codex' 'trail':427 'troubleshoot':100 'two':800 'underscor':1184 'unlock':1030 'unset':560,686 'updat':105,137 'update-guide.md':114,142,151 'updates.md':111,125,149 'url':266,299,592 'use':331,680,902,920,1076,1179,1258 'useless':993 'user':1020,1036 'valid':940 'valu':439,849,922,1265 'var':460,584,689,930,1260 'variabl':536,697,698 'vault':1,4,29,41,128,203,284,324,356,391,408,413,429,440,450,461,467,469,478,484,490,493,496,499,703,708,710,712,722,729,769,774,781,790,866,870,1078,1154,1164,1321 'vault.enc.yaml':891 'vault.sh':671,675,938,1025,1169,1189,1198,1208,1282,1288 'verif':99 'verifi':470 'via':695 'visibl':857 'walkthrough':97,1306 'without':220,295,867,989 'work':393,468,796 'workflow':533 'wrap':837 'write':654,932 'written':244 'wrong':509,1218 'x25519':910 'yaml':24,845","prices":[{"id":"d45f744f-9177-4608-9687-e34d998b204a","listingId":"8c89941a-024a-44d3-b3d7-2dc416331501","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"buildoak","category":"fieldwork-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T23:07:18.107Z"}],"sources":[{"listingId":"8c89941a-024a-44d3-b3d7-2dc416331501","source":"github","sourceId":"buildoak/fieldwork-skills/vault","sourceUrl":"https://github.com/buildoak/fieldwork-skills/tree/main/skills/vault","isPrimary":false,"firstSeenAt":"2026-04-18T23:07:18.107Z","lastSeenAt":"2026-04-23T01:02:14.084Z"}],"details":{"listingId":"8c89941a-024a-44d3-b3d7-2dc416331501","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"buildoak","slug":"vault","github":{"repo":"buildoak/fieldwork-skills","stars":15,"topics":["agent-skills","ai-agents","ai-tools","automation","browser-automation","claude-code","claude-skills","codex"],"license":"apache-2.0","html_url":"https://github.com/buildoak/fieldwork-skills","pushed_at":"2026-03-18T08:36:25Z","description":"Battle-tested skills for AI agents that do real work","skill_md_sha":"47680add19f62c3f4cf4695a09ce637f01f0add5","skill_md_path":"skills/vault/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/buildoak/fieldwork-skills/tree/main/skills/vault"},"layout":"multi","source":"github","category":"fieldwork-skills","frontmatter":{"name":"vault","description":"Encrypted secrets vault for AI coding agents. Store API keys, passwords, and tokens with `age` (public-key encryption) and `sops` (encrypted YAML secrets files). Never plaintext."},"skills_sh_url":"https://skills.sh/buildoak/fieldwork-skills/vault"},"updatedAt":"2026-04-23T01:02:14.084Z"}}