si-vault-ops

Use this skill when working with SI vault encryption, trust, and secure env workflows (`si vault ...`), including init/check/status/get/set/run operations.

SKILL.md
---
name: si-vault-ops
description: Use this skill when working with SI vault encryption, trust, and secure env workflows (`si vault ...`) including init/check/status/get/set/run operations.
---

SI Vault Ops

Use this workflow for secure secret management with SI vault.

Fast path

  1. Check vault state first:

     ```bash
     si vault status
     si vault check
     ```

  2. If needed, initialize:

     ```bash
     si vault init
     ```

  3. Read or update keys:

     ```bash
     si vault get KEY
     si vault set KEY value
     si vault unset KEY
     ```

  4. Run commands with decrypted env:

     ```bash
     si vault run -- <cmd>
     ```

Guardrails

  • Never print full secret values unless explicitly requested.
  • Prefer `si vault run` over exporting decrypted variables into shell history.
  • Keep file paths explicit when not using defaults (`--file`).
  • For trust issues, inspect recipients and trust store before rotating:

    ```bash
    si vault recipients
    si vault trust
    ```
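
An added example, not part of the original skill file: a redaction helper for the first guardrail, so a value can be checked without being printed in full. `mask_secret` and `vault_peek` are hypothetical names, and the code assumes `si vault get KEY` writes only the value to stdout.

```bash
#!/bin/sh
# Added example (not from the SI project): redact a secret before it reaches
# a terminal, a transcript or a log.

# mask_secret: read a value on stdin and print a redacted form.
# Values shorter than 16 characters are masked completely, because showing
# even two characters at each end would leak a large share of a short secret.
mask_secret() (
    value=$(cat)                 # whole input, multi-line values included
    len=${#value}
    if [ "$len" -eq 0 ]; then
        printf '(empty)\n'
    elif [ "$len" -lt 16 ]; then
        printf '[redacted, %d chars]\n' "$len"
    else
        head=${value%"${value#??}"}   # first two characters
        tail=${value#"${value%??}"}   # last two characters
        printf '%s...%s [%d chars]\n' "$head" "$tail" "$len"
    fi
)

# vault_peek KEY: confirm that KEY holds a value without printing it in full.
# Assumption: `si vault get KEY` writes only the value to stdout.
vault_peek() (
    raw=$(si vault get "$1") || {
        echo "si vault get $1 failed" >&2
        exit 1
    }
    printf '%s\n' "$raw" | mask_secret
)
```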

Validation

  • After writes, run:

    ```bash
    si vault check
    si vault status
    ```

  • Confirm expected key presence with:

    ```bash
    si vault list
    ```