Varlock

This wraps the Varlock CLI to keep secrets out of Claude's context during development sessions. It enforces rules like never echoing environment variables, never reading .env files directly, and always using masked validation output. You define a .env.schema with type annotations and sensitivity flags, then Varlock validates without exposing values in terminal output or logs. The skill includes patterns for safe secret rotation, CI/CD integration, and external sources like 1Password or AWS Secrets Manager. Honestly most useful if you're already paranoid about secrets leaking into LLM context windows or you're working in a compliance heavy environment where audit trails matter.