Env Secrets Manager: Rotate Credentials Without Deploys

An AI agent that manages your environment secrets lifecycle — injection, rotation, and audit — without requiring deploys.

TL;DR: Manage your environment secrets lifecycle — inject, rotate, and audit credentials — without requiring application-level changes or deploys.

The 10-Second Pitch

What it is: A secrets lifecycle manager that handles injection, rotation, and audit for environment-bound credentials.
Who it's for: DevOps engineers, security teams, platform engineers managing secrets sprawl.
Why it matters: Credential rotation is the most neglected part of secrets management — and the highest-value.
Stack: Node.js, integrates with HashiCorp Vault, AWS Secrets Manager, and dotenv files.

Setup Directions

Prerequisites

Node.js >= 18
A secrets backend (Vault, AWS SM, or local dotenv for dev)

Step 1 - Install

bash npm install @mrtech/env-secrets-manager --save-dev

Step 2 - Initialize

bash npx secrets-manager init --backend=vault --url=http://vault:8200 --token=$VAULT_TOKEN

Step 3 - Rotate

bash npx secrets-manager rotate --key=STRIPE_API_KEY --env=production

Pros / Cons

Dimension	Rating	Notes
Rotation Speed	5/5	One command to rotate any key
Backend Coverage	4/5	Vault, AWS, GCP, Azure all supported
Zero-Deploy Rotation	5/5	Agent updates env without restarting services

Verdict

Env Secrets Manager makes credential rotation a CLI operation instead of a multi-day project. The zero-deploy rotation capability eliminates the biggest resistance to rotation policies.

Skill: env-secrets-manager | Ecosystem: claude-code | Runtime: node | Auth: api-key