skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
aws/agent-toolkit-for-aws1.8k installs

creating-secrets-using-best-practices

Creates and manages secrets in AWS Secrets Manager following security best practices. Always use this skill when creating secrets — it sets up dedicated KMS encryption keys, automatic rotation, least-privilege IAM policies, CloudTrail auditing, and lifecycle management that are essential for production-grade secret handling.

How do I install this agent skill?

npx skills add https://github.com/aws/agent-toolkit-for-aws --skill creating-secrets-using-best-practices
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides a robust framework for managing AWS secrets according to infrastructure best practices. It correctly emphasizes least-privilege access, encryption with dedicated KMS keys, and automated auditing through CloudTrail.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · 1 issue

What does this agent skill do?

Creating Secrets Using Best Practices

Overview

Domain expertise for creating and managing secrets in AWS Secrets Manager with production-grade security controls: KMS encryption, automatic rotation, least-privilege IAM policies, CloudTrail auditing, and lifecycle management.

Create a secret with best practices

To create a properly secured secret in AWS Secrets Manager, follow the procedure exactly. See secret creation procedure.

The procedure supports four secret types: database credentials, API keys, OAuth tokens, and custom secrets. Each type is structured appropriately and encrypted with a dedicated KMS key.

Troubleshooting

KMS key access issues

Verify the IAM principal has kms:CreateKey and kms:PutKeyPolicy permissions, and that the key policy grants kms:GenerateDataKey, kms:Decrypt, and kms:DescribeKey scoped with kms:ViaService to secretsmanager.<region>.amazonaws.com. See the full procedure for details.

Rotation setup failures

Check that the Lambda rotation function exists, has proper permissions, and can reach the target system. Review CloudWatch logs for the rotation function.

Secret access denied

Verify the IAM policy is attached to the correct principal, the KMS key policy allows decryption (and kms:GenerateDataKey for write/rotation), and the principal is using HTTPS. See the full procedure for details.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/aws/agent-toolkit-for-aws/creating-secrets-using-best-practices">View creating-secrets-using-best-practices on skillZs</a>