Gsd-skill-creator env-setup
Environment configuration and secrets management. Use when setting up .env files, managing secrets, or configuring environments.
install
source · Clone the upstream repo
git clone https://github.com/Tibsfox/gsd-skill-creator
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/Tibsfox/gsd-skill-creator "$T" && mkdir -p ~/.claude/skills && cp -r "$T/project-claude/skills/env-setup" ~/.claude/skills/tibsfox-gsd-skill-creator-env-setup-82a9e8 && rm -rf "$T"
manifest:
project-claude/skills/env-setup/SKILL.md
source content
Environment Configuration
Non-Negotiable Rules
| Rule | Why |
|---|---|
| NEVER commit .env to git | Secrets persist in history forever |
| NEVER log secret values | Logs stored in plain text, forwarded |
| NEVER hardcode secrets | Source code is widely shared |
| ALWAYS use .env.example | Documents vars without exposing values |
| ALWAYS add .env* to .gitignore FIRST | Prevents accidental commit |
| ALWAYS validate config at startup | Fail fast, not hours into production |
.gitignore (add before creating .env)
.env
.env.*
!.env.example
*.pem
*.key
credentials.json
Naming Conventions
- UPPER_SNAKE_CASE: DATABASE_URL, JWT_SECRET
- Prefix by service: DB_, REDIS_, AWS_
- Booleans: ENABLE_CACHE=true (not 1/yes)
- Feature flags: FEATURE_*
Key Patterns
- No defaults for secrets — force explicit configuration
- Validate at startup with Zod/Joi/Pydantic, not at first use
- Unique secrets per environment — one leak shouldn't compromise all
- Rotate leaked secrets immediately — check git history, audit access logs
- Process env always wins — CI/CD overrides file-based config
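
The startup check described by these patterns, as an added example that is not part of the skill's own content. It uses a hand-rolled standard-library validator in place of Zod/Joi/Pydantic so it runs without dependencies; `parse_dotenv`, `load_config`, `ConfigError` and the sample `.env` text are hypothetical names and constructed values.

```python
import os

REQUIRED_SECRETS = ("DATABASE_URL", "JWT_SECRET")  # no defaults: must be set explicitly
BOOLEAN_FLAGS = {"ENABLE_CACHE": "false"}          # non-secret settings may carry a default
# Constructed sample .env text: empty JWT_SECRET and a non-canonical boolean.
SAMPLE_DOTENV = "DATABASE_URL=postgres://localhost/app\nJWT_SECRET=\nENABLE_CACHE=yes\n"


class ConfigError(Exception):
    """Raised at startup; the message names variables but never their values."""


def parse_dotenv(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"').strip("'")
    return values


def load_config(dotenv_text, environ=None):
    """Merge file config with the process environment and validate it once."""
    environ = os.environ if environ is None else environ
    merged = parse_dotenv(dotenv_text)
    # Process env always wins, so CI/CD can override file-based config.
    wanted = set(REQUIRED_SECRETS) | set(BOOLEAN_FLAGS)
    merged.update({k: v for k, v in environ.items() if k in wanted})
    problems, config = [], {}
    for name in REQUIRED_SECRETS:
        if not merged.get(name):
            problems.append(f"{name}: missing or empty")
        else:
            config[name] = merged[name]
    for name, default in BOOLEAN_FLAGS.items():
        value = merged.get(name, default)
        if value not in ("true", "false"):
            problems.append(f"{name}: must be 'true' or 'false'")
        else:
            config[name] = value == "true"
    if problems:
        raise ConfigError("invalid configuration: " + "; ".join(problems))
    return config
```

Call `load_config` once at process start and let `ConfigError` abort the launch; every problem is reported together and only variable names reach the log.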