密钥管理最佳实践指南：HashiCorp Vault与AWS Secrets Manager安全配置

secrets-management by aj-geddes/useful-ai-prompts

146 周安装量

160 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill secrets-management

云服务开发运维安全

🇨🇳中文介绍

密钥管理

概述

部署和配置安全的密钥管理系统，以存储、轮换和审计您基础设施中敏感凭据、API 密钥和证书的访问。

使用场景

数据库凭据管理
API 密钥和令牌存储
证书管理
SSH 密钥分发
凭据轮换自动化
审计与合规性日志记录
多环境密钥管理
加密密钥管理

快速开始

最小工作示例：

# vault-config.hcl
storage "raft" {
  path    = "/vault/data"
  node_id = "node1"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/vault/config/vault.crt"
  tls_key_file  = "/vault/config/vault.key"
}

api_addr     = "https://0.0.0.0:8200"
cluster_addr = "https://0.0.0.0:8201"

ui = true

参考指南

references/ 目录下的详细实现：

指南	内容

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

🇺🇸English

Secrets Management

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Deploy and configure secure secrets management systems to store, rotate, and audit access to sensitive credentials, API keys, and certificates across your infrastructure.

When to Use

Database credentials management
API key and token storage
Certificate management
SSH key distribution
Credential rotation automation
Audit and compliance logging
Multi-environment secrets
Encryption key management

Quick Start

Minimal working example:

# vault-config.hcl
storage "raft" {
  path    = "/vault/data"
  node_id = "node1"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/vault/config/vault.crt"
  tls_key_file  = "/vault/config/vault.key"
}

api_addr     = "https://0.0.0.0:8200"
cluster_addr = "https://0.0.0.0:8201"

ui = true

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
HashiCorp Vault Setup	HashiCorp Vault Setup
Vault Kubernetes Integration	Vault Kubernetes Integration
Vault Secret Configuration	Vault Secret Configuration
AWS Secrets Manager Configuration	AWS Secrets Manager Configuration
Kubernetes Secrets	Kubernetes Secrets

Best Practices

✅ DO

Rotate secrets regularly
Use strong encryption
Implement access controls
Audit secret access
Use managed services
Implement secret versioning
Encrypt secrets in transit
Use separate secrets per environment

❌ DON'T

Store secrets in code
Use weak encryption
Share secrets via email/chat
Commit secrets to version control
Use single master password
Log secret values
Hardcode credentials
Disable rotation

Weekly Installs

106

Repository

aj-geddes/usefu…-prompts

GitHub Stars

116

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketWarn SnykPass

Installed on

opencode89

gemini-cli87

codex85

cursor83

claude-code82

github-copilot75

HashiCorp Vault 设置	HashiCorp Vault 设置
Vault Kubernetes 集成	Vault Kubernetes 集成
Vault 密钥配置	Vault 密钥配置
AWS Secrets Manager 配置	AWS Secrets Manager 配置
Kubernetes Secrets	Kubernetes Secrets