This skill handles the practical side of keeping secrets out of your CI/CD pipelines, using HashiCorp Vault, AWS Secrets Manager, and platform-native solutions like GitHub secrets. It covers the actual integration patterns you need for GitHub Actions and GitLab CI, includes Terraform examples for AWS Secrets Manager, and shows how to set up secret rotation and scanning with tools like TruffleHog. The Kubernetes External Secrets Operator examples are solid if you're running containerized deployments. What I like is that it doesn't just tell you to "use a secret manager" but actually shows the YAML and bash commands to wire everything together properly.
npx skills add https://github.com/wshobson/agents --skill secrets-management