gcp-production-secret-handler
gcp-production-secret-handler
This skill implements the secure pattern for secret handling used in the dev-signal agent. It ensures sensitive credentials (API keys, client secrets) are fetched from Google Secret Manager directly into local memory, avoiding global environment variables that can be leaked through logs or traces.
Usage
Ask Antigravity to:
- "Implement secure secret handling for my production agent"
- "Use the dev-signal secret pattern"
- "Fetch secrets from Secret Manager into a dictionary"
The Pattern
- Local Dev: Uses a
.envfile for fast iteration. - Production: Uses the
google-cloud-secret-managerSDK to fetch specific versions of secrets. - Isolation: Secrets are stored in a Python dictionary (
SECRETS) and passed as explicit parameters to toolset constructors or agent initializers. - No global env injection: Avoids using
os.environ[secret_id] = value.
Python Boilerplate
Refer to the included scripts/env_utils.py for the standard implementation.
More from googlecloudplatform/devrel-demos
go-backend-dev
Specialist in implementing robust HTTP services and APIs in Go. Activates for "endpoint", "handler", "API", "server".
41go-reviewer
Expert code reviewer focusing on idiomatic Go, concurrency safety, and clean code principles. Activates for "review", "idiomatic", "refactor".
41go-architect
Expert in Go project scaffolding, standard layout compliance, and dependency management. Activates for "new project", "structure", "layout".
36go-project-setup
>
26video-description
Generates optimized descriptions for video platforms from transcripts and supplementary material. Use when the user asks for a video description or provides a transcript for video preparation.
17agent-containerizer
Generates a standard Dockerfile that includes both Python and Node.js environments for AI agents.
4