Claude-skill-registry decrypt-secrets

Decrypt MCP tokens for remote sessions

install

source · Clone the upstream repo

git clone https://github.com/majiayu000/claude-skill-registry

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/decrypt-secrets" ~/.claude/skills/majiayu000-claude-skill-registry-decrypt-secrets && rm -rf "$T"

manifest: skills/data/decrypt-secrets/SKILL.md

Decrypt Secrets

Decrypt your encrypted MCP tokens at the start of a remote session.

When to Use

At the start of a remote/web session when MCP servers need tokens
When you see "Encrypted secrets found but not decrypted" in session startup
When MCP servers fail due to missing authentication

How It Works

Your tokens are stored encrypted in
```
.env.local.encrypted
```
(safe to commit)
Running this decrypts them to
```
.env.local
```
(gitignored)
MCP servers then use the tokens automatically

Instructions

Run the decryption script and enter your passphrase:

node scripts/secrets/decrypt-secrets.js

You'll be prompted for the passphrase you set when encrypting.

First-Time Setup

If you haven't encrypted your secrets yet:

Add your tokens to

.env.local

GITHUB_TOKEN=ghp_your_token
SONAR_TOKEN=sqp_your_token
CONTEXT7_API_KEY=your_key

Encrypt them:

node scripts/secrets/encrypt-secrets.js

Commit
```
.env.local.encrypted
```
to your repo
In future sessions, just run the decrypt script

Security Notes

```
.env.local
```
is gitignored - your actual tokens are never committed
```
.env.local.encrypted
```
uses AES-256-GCM encryption
Choose a strong passphrase (8+ characters)
Your passphrase is never stored anywhere