UncategorizedVibe Coding Security391 lines

Credential Management

Quick Summary8 lines

AI-generated code loves hardcoded secrets. API keys inline, database passwords in config files, tokens committed to git. The AI doesn't understand that the string it just wrote will end up on GitHub, searchable by bots that scrape for credentials 24/7.

## Key Points

- repo: https://github.com/gitleaks/gitleaks
- repo: https://github.com/trufflesecurity/trufflehog

skilldb get vibe-coding-security-skills/credential-managementFull skill: 391 lines

Install this skill directly: skilldb add vibe-coding-security-skills

Get CLI access →

Related Skills

Credential Management

The Hardcoded Credentials Anti-Pattern

Environment Variables: The First Layer

.env Files and .gitignore

.env — LOCAL DEVELOPMENT ONLY

.env.example — Template for developers

Environment files

Key files

Service account files

IDE files that may cache env vars

Secret Managers: The Production Approach

AWS Secrets Manager

GCP Secret Manager

HashiCorp Vault

Rotating Secrets

Database Password Rotation with AWS

Lambda function for rotating RDS credentials

API Key Rotation Pattern

Detecting Leaked Credentials

truffleHog: Scan Git History

Install

Scan entire git history

Scan a specific branch

Scan before a commit (pre-commit hook)

gitleaks: Fast Regex-Based Scanning

Install

Scan repository

Scan staged changes only (for pre-commit)

Use in CI

Pre-Commit Hook Setup

.pre-commit-config.yaml

Install pre-commit and set up hooks

When Credentials Are Leaked

Step 1: Revoke the Credential

Don't just rotate — the old one is exposed. Revoke it entirely.

AWS: Deactivate the access key

GCP: Delete the service account key

Stripe: Roll the API key in the dashboard immediately

Step 2: Check for Unauthorized Use

AWS: Check CloudTrail for the compromised key

GCP: Check audit logs

Step 3: Remove from Git History

Use git-filter-repo (preferred over BFG)

Remove a file containing secrets from all history

Replace a specific string in all history

expressions.txt contains: sk_live_abc123==>REDACTED

Step 4: Force Push and Notify

After cleaning history, force push

Notify all team members to re-clone

The old history with secrets may still exist in local clones

Credential Hygiene Checklist

The Golden Rule

Details

Pack: vibe-coding-security-skills
File: credential-management.md
Lines: 391
Category: Uncategorized

Download via CLI

Pro

$ skilldb add vibe-coding-security-skills

Installs the full Vibe Coding Security pack to your project.

Credential Management

Related Skills

AI-Specific Vulnerabilities

Authentication and Authorization Patterns

Container and Deployment Security

Database Security Hardening

Dependency Supply Chain Security

Error Handling and Information Leakage