Env Secrets Manager: Rotate Credentials Without Deploys
**TL;DR:** Manage your environment secrets lifecycle — inject, rotate, and audit credentials — without requiring application-level changes or deploys.
The 10-Second Pitch
- **What it is:** A secrets lifecycle manager that handles injection, rotation, and audit for environment-bound credentials.
- **Who it's for:** DevOps engineers, security teams, platform engineers managing secrets sprawl.
- **Why it matters:** Credential rotation is the most neglected part of secrets management — and the highest-value.
- **Stack:** Node.js, integrates with HashiCorp Vault, AWS Secrets Manager, and dotenv files.
Setup Directions
Prerequisites
- Node.js >= 18
- A secrets backend (Vault, AWS SM, or local dotenv for dev)
Step 1 - Install
```bash
npm install @mrtech/env-secrets-manager --save-dev
```
Step 2 - Initialize
```bash
npx secrets-manager init --backend=vault --url=http://vault:8200 --token=$VAULT_TOKEN
```
Step 3 - Rotate
```bash
npx secrets-manager rotate --key=STRIPE_API_KEY --env=production
```
Pros / Cons
| Dimension | Rating | Notes |
|-----------|--------|-------|
| Rotation Speed | 5/5 | One command to rotate any key |
| Backend Coverage | 4/5 | Vault, AWS, GCP, Azure all supported |
| Zero-Deploy Rotation | 5/5 | Agent updates env without restarting services |
Verdict
Env Secrets Manager makes credential rotation a CLI operation instead of a multi-day project. The zero-deploy rotation capability eliminates the biggest resistance to rotation policies.
Skill: env-secrets-manager | Ecosystem: claude-code | Runtime: node | Auth: api-key