← Back to PayloadsAgent Skills2026-04-21
Env Secrets Manager: Rotate Credentials Without Deploys
An AI agent that manages your environment secrets lifecycle — injection, rotation, and audit — without requiring deploys.
Quick Access
Install command
$ mrt install security

<!--tl&dr-->
TL;DR: Manage your environment secrets lifecycle — inject, rotate, and audit credentials — without requiring application-level changes or deploys.
<!--/tl&dr-->
The 10-Second Pitch
- What it is: A secrets lifecycle manager that handles injection, rotation, and audit for environment-bound credentials.
- Who it's for: DevOps engineers, security teams, platform engineers managing secrets sprawl.
- Why it matters: Credential rotation is the most neglected part of secrets management — and the highest-value.
- Stack: Node.js, integrates with HashiCorp Vault, AWS Secrets Manager, and dotenv files.
Setup Directions
Prerequisites
- Node.js >= 18
- A secrets backend (Vault, AWS SM, or local dotenv for dev)
Step 1 - Install
bash
npm install @mrtech/env-secrets-manager --save-dev
Step 2 - Initialize
bash
npx secrets-manager init --backend=vault --url=http://vault:8200 --token=$VAULT_TOKEN
Step 3 - Rotate
bash
npx secrets-manager rotate --key=STRIPE_API_KEY --env=production
Pros / Cons
| Dimension | Rating | Notes |
|---|
| Rotation Speed | 5/5 | One command to rotate any key |
| Backend Coverage | 4/5 | Vault, AWS, GCP, Azure all supported |
| Zero-Deploy Rotation | 5/5 | Agent updates env without restarting services |
Verdict
Env Secrets Manager makes credential rotation a CLI operation instead of a multi-day project. The zero-deploy rotation capability eliminates the biggest resistance to rotation policies.
Skill: env-secrets-manager | Ecosystem: claude-code | Runtime: node | Auth: api-key