Gsd-skill-creator env-setup

Name: env-setup
Author: Tibsfox

Environment configuration and secrets management. Use when setting up .env files, managing secrets, or configuring environments.

install

source · Clone the upstream repo

git clone https://github.com/Tibsfox/gsd-skill-creator

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/Tibsfox/gsd-skill-creator "$T" && mkdir -p ~/.claude/skills && cp -r "$T/examples/skills/patterns/env-setup" ~/.claude/skills/tibsfox-gsd-skill-creator-env-setup && rm -rf "$T"

manifest: examples/skills/patterns/env-setup/SKILL.md

source content

Environment Configuration

Non-Negotiable Rules

Rule	Why
NEVER commit .env to git	Secrets persist in history forever
NEVER log secret values	Logs stored in plain text, forwarded
NEVER hardcode secrets	Source code is widely shared
ALWAYS use .env.example	Documents vars without exposing values
ALWAYS add .env* to .gitignore FIRST	Prevents accidental commit
ALWAYS validate config at startup	Fail fast, not hours into production

.gitignore (add before creating .env)

.env
.env.*
!.env.example
*.pem
*.key
credentials.json

Naming Conventions

UPPER_SNAKE_CASE:
```
DATABASE_URL
```
,
```
JWT_SECRET
```
Prefix by service:
```
DB_
```
,
```
REDIS_
```
,
```
AWS_
```
Booleans:
```
ENABLE_CACHE=true
```
(not 1/yes)
Feature flags:
```
FEATURE_*
```

Key Patterns

No defaults for secrets — force explicit configuration
Validate at startup with Zod/Joi/Pydantic, not at first use
Unique secrets per environment — one leak shouldn't compromise all
Rotate leaked secrets immediately — check git history, audit access logs
Process env always wins — CI/CD overrides file-based config