devtools-secrets

Knowledge and guardrails for the mise + fnox + infisical secrets toolchain. Use when the user asks to "configure secrets", "set up fnox", "infisical", "mise...
Install via ClawdBot CLI:
```bash
clawdbot install basher83/devtools-secrets
```
IMPORTANT: Check tool availability before proceeding with any guidance.
```bash
command -v mise >/dev/null 2>&1 && echo "INSTALLED ($(mise --version 2>/dev/null | head -1))" || echo "MISSING - install with: curl https://mise.run | sh"
command -v fnox >/dev/null 2>&1 && echo "INSTALLED ($(fnox --version 2>/dev/null | head -1))" || echo "MISSING - install with: mise use -g fnox"
command -v infisical >/dev/null 2>&1 && echo "INSTALLED ($(infisical --version 2>/dev/null | head -1))" || echo "MISSING - install with: mise use -g infisical"
```

If any tool above shows MISSING, stop and help the user install it before
proceeding. Do not provide configuration guidance for tools that aren't
installed.
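```bash
# Project-level fnox config present?
test -f fnox.toml && echo "YES" || echo "NO (run: fnox init)"
# Project-level infisical config present?
test -f .infisical.json && cat .infisical.json || echo "NO (run: infisical init)"
# [env] section of the project's mise.toml
grep -A5 '^\[env\]' mise.toml 2>/dev/null || echo "No env section"
# Global mise and fnox configs
test -f ~/.config/mise/config.toml && head -10 ~/.config/mise/config.toml || echo "No global mise config"
test -f ~/.config/fnox/config.toml && head -10 ~/.config/fnox/config.toml || echo "No global fnox config"
# Login state; the fallback is grouped so it fires when infisical fails, not when head does
{ infisical user get 2>/dev/null || echo "Not logged in or not installed"; } | head -3
```

| Tool | Role |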
|------|------|
| mise | Task runner + env manager. Orchestrates dev tooling, runs tasks, manages env vars through plugins. |
| fnox | Unified secret interface. Abstracts over multiple secret backends (infisical, age, env files) with a single CLI. |
| infisical | Remote secrets backend. Stores, syncs, and injects secrets from a central server. |
These tools complement each other: infisical stores secrets remotely, fnox
provides a unified local interface to them, and mise orchestrates tasks that
consume secrets via fnox.
The typical flow:
- fnox exec -- resolves secrets from the provider and injects them as env vars
- fnox exec to run commands with secrets injected
- cd

This project enforces secrets hygiene via always-on hooks in
.claude/settings.json (not scoped to this skill):

- block-hardcoded-secrets.py: Blocks Edit/Write operations containing hardcoded API keys, tokens, passwords, or known secret prefixes (sk-, ghp_, AKIA, xox[bpras]-)
- block-bare-secret-exports.py: Blocks Bash commands that export secret-like env vars without wrapping in fnox exec or infisical run
These hooks are always active regardless of whether this skill is loaded.
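
The two checks described above, sketched as an added example; this is not the project's own hook code. The function names, the secret-name word list and the minimum token lengths are assumptions, and "wrapped" is interpreted as the export sitting inside the quoted argument of a fnox exec or infisical run command.

```python
import re
import shlex

# Prefixes named on the page: sk-, ghp_, AKIA, xox[bpras]-. The minimum tail
# lengths are assumptions chosen to cut false positives on short strings.
PREFIX_RE = re.compile(
    r"\b(?:sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{20,}"
    r"|AKIA[0-9A-Z]{16}|xox[bpras]-[A-Za-z0-9-]{10,})"
)
# Secret-like variable names (this word list is an assumption).
SECRET_NAME = r"[A-Za-z0-9_]*(?:API_?KEY|TOKEN|PASSWORD|PASSWD|SECRET)[A-Za-z0-9_]*"
# A quoted literal assigned to a secret-like name; values containing $ or {}
# are treated as references (e.g. "${DB_PASSWORD}") and ignored.
ASSIGN_RE = re.compile(
    r"(?i)\b(" + SECRET_NAME + r")\s*[:=]\s*[\"']([^\"'${}\s]{8,})[\"']"
)
EXPORT_ARG_RE = re.compile(r"(?i)^(" + SECRET_NAME + r")=")
SEPARATORS = {";", "&&", "||", "|", "&", "(", ")"}


def find_hardcoded_secrets(text):
    """Return (kind, redacted_match) findings for content about to be written."""
    findings = [("prefix", m.group(0)[:6] + "...") for m in PREFIX_RE.finditer(text)]
    findings += [("assignment", m.group(1)) for m in ASSIGN_RE.finditer(text)]
    return findings


def bare_secret_exports(command):
    """Return secret-like names exported outside fnox exec / infisical run."""
    lexer = shlex.shlex(command.replace("\n", " ; "), posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: fall back to a crude split
        tokens = command.split()
    names, segment = [], []
    for tok in tokens + [";"]:
        if tok not in SEPARATORS:
            segment.append(tok)
            continue
        # Only segments that begin with `export` are inspected. An export
        # inside `fnox exec -- sh -c '...'` is one quoted token of a segment
        # that begins with the wrapper, so it is not reported.
        if segment[:1] == ["export"]:
            for arg in segment[1:]:
                m = EXPORT_ARG_RE.match(arg)
                if m:
                    names.append(m.group(1))
        segment = []
    return names
```

A hook built on these would reject the operation whenever either function returns a non-empty list.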
Detailed configuration for each tool is in the reference files:
fnox exec works. Run fnox init if missing.
environment slugs. A mismatch silently returns empty secrets.
.infisical.json is safe to commit: it contains project IDs and workspace config, not secrets.
fnox.toml may contain sensitive paths: review before committing if using age-encrypted file provider.
cd: if a plugin calls fnox and fnox is misconfigured, you get errors on every directory change.
infisical login tokens have a TTL. CI/CD should use INFISICAL_TOKEN (service token) instead.
/ cannot access secrets in child paths like /git_actions. Each path requires its
own token or use --recursive with the CLI directly.
Generated Mar 1, 2026
A tech startup needs to configure a secure development environment for its engineering team, ensuring secrets like API keys and database credentials are managed without hardcoding. The team uses mise for tool orchestration, fnox as a unified secrets interface, and infisical for remote storage, enabling seamless collaboration across local machines and CI/CD pipelines.
An e-commerce company requires robust secrets management for handling payment gateway keys, shipping API tokens, and customer data encryption secrets across staging and production environments. Integrating mise, fnox, and infisical ensures secure injection of environment-specific secrets during deployment, reducing the risk of leaks and simplifying audit trails.
A healthcare provider developing a patient portal must adhere to strict regulations like HIPAA for managing sensitive data such as authentication tokens and encryption keys. Using this toolchain helps enforce secrets hygiene through automated hooks, preventing accidental exposure and ensuring secrets are only accessed via authorized workflows in development and production.
A FinTech firm with a microservices architecture needs to manage secrets for multiple services, including banking APIs and transaction logging systems. The mise + fnox + infisical chain allows centralized control over secret injection per service, supporting different environments (dev, staging, prod) and reducing configuration errors during rapid deployments.
A DevOps team aims to standardize secrets management across various projects and cloud platforms, avoiding fragmented approaches. Implementing this toolchain provides a consistent interface for developers to handle secrets locally and in CI/CD, with mise orchestrating tasks and fnox abstracting backend providers like infisical for improved security and efficiency.
Offer the secrets management toolchain as a cloud-based service with tiered pricing based on the number of secrets, users, and environments. Revenue is generated through monthly or annual subscriptions, targeting startups and enterprises needing scalable, secure secret storage and injection without infrastructure overhead.
Provide professional services to help organizations integrate and customize the mise, fnox, and infisical toolchain for their specific workflows. Revenue comes from project-based fees for setup, training, and ongoing support, focusing on industries with high compliance requirements like finance and healthcare.
Sell enterprise licenses for on-premises or private cloud deployments of the toolchain, including advanced features like audit logging, custom integrations, and dedicated support. Revenue is generated through one-time license fees or annual maintenance contracts, targeting large corporations with strict data sovereignty needs.
💬 Integration Tip
Always verify tool installation and configuration state before providing guidance, and ensure fnox.toml exists and profiles match infisical environments to avoid silent failures.