Secure credential manager for AI tools. Secrets are injected transparently into shell commands via a PreToolUse hook — the agent never sees secret values or the master key. Trigger phrases include "add a secret", "inject credentials", "set up vault", "rv init", "rv add", or any secret/credential management request.
View on GitHubskills/redpill-vault/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/h4x3rotab/redpill-vault/blob/main/skills/redpill-vault/SKILL.md -a claude-code --skill redpill-vaultInstallation paths:
.claude/skills/redpill-vault/# redpill-vault Secure credential manager for AI tools. Secrets are injected transparently into shell commands — the agent never sees secret values or the master key. ## Setup Run these commands in order. Step 1 installs the CLI — always run it first, even if `rv` appears missing. ```bash ./skills/redpill-vault/setup.sh ``` ```bash rv init ``` Then tell the user to run `rv approve` in their terminal. Only the user can approve — the hook blocks the agent from running this command. ## Adding secrets ```bash rv add MY_SECRET -d "API key for the foobar service" ``` Then the user sets the value in the vault: ```bash psst set MY_SECRET --global ``` ## How it works Once approved, every Bash command the agent runs is automatically wrapped with `rv-exec`, which injects the secrets listed in `.rv.json` as environment variables. The agent never sees the secret values — they are resolved at execution time by `rv-exec` using the psst vault. ## Commands | Command | Who | Description | |---------|-----|-------------| | `rv init` | agent or user | Full setup (master key + vault + config + hook) | | `rv add <KEY>` | agent or user | Register a secret in `.rv.json` | | `rv remove <KEY>` | agent or user | Remove a secret from `.rv.json` | | `rv list` | agent or user | Show configured secrets | | `rv check` | agent or user | Verify all keys exist in vault | | `rv doctor` | agent or user | Full health check | | `rv approve` | **user only** | Approve this project for injection | | `rv revoke` | **user only** | Revoke project approval |