moai-core-env-security
SKILL.md
Environment Security & Secrets Management -
Secure environment variable and credentials management patterns for production systems
Scope: MoAI-ADK Security Infrastructure Framework: dotenv, environment isolation, secrets vault integration Keywords: env-security, secrets-management, credentials, dotenv, vault
Level 1: Quick Reference
Core Principles
- Never commit secrets: .env files in .gitignore
- Environment separation: dev, test, production isolation
- Credential rotation: Regular key updates
- Access control: Principle of least privilege
- Audit logging: Track secret access
Environment Management
# Development
.env.local (gitignored, local overrides)
.env (defaults, can be in git with defaults only)
.env.example (template, safe to commit)
# Production
.env.production (via deployment platform)
Secret vault integration (AWS Secrets Manager, Vault, etc)
Level 2: Implementation Patterns
.env File Structure
# Database
DATABASE_URL=postgresql://user:pass@localhost/db
DATABASE_POOL_SIZE=20
# API Keys
STRIPE_API_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
# Feature Flags
FEATURE_NEW_CHECKOUT=true
DEBUG_MODE=false
Secret Rotation
- Automated rotation policies
- Deprecation warnings
- Migration guides
- Minimal downtime strategies
Level 3: Enterprise Security
Vault Integration
- HashiCorp Vault for centralized secrets
- Dynamic credentials generation
- Audit trail and compliance
- Multi-environment management
Compliance
- OWASP guidelines
- SOC 2, ISO 27001 requirements
- GDPR data handling
- PCI-DSS for payment data
References
- 12-Factor App: https://12factor.net/config
- OWASP Secrets Management: https://cheatsheetseries.owasp.org/
Last Updated: 2025-11-18 Format: Markdown | Language: English Status: Stable Version: 4.0.0
Weekly Installs
1
Repository
jg-chalk-io/nora-livekitFirst Seen
Mar 2, 2026
Security Audits
Installed on
amp1
cline1
opencode1
cursor1
kimi-cli1
codex1