# vault-credentials

A skill for AI coding agents that finds plaintext credentials in your local files, triages which ones are worth vaulting, and walks you through migrating them into 1Password — either as chezmoi templates for home dotfiles or as `op inject`/`op run` workflows for project-local `.env` files and key/cert files.
Works with Claude Code, Cursor, Codex, and any agent that supports the skills.sh format.
## Install

Via the skills CLI (github.com/vercel-labs/skills):

```sh
npx skills add idosh9/vault-credentials
```

Or copy `skills/vault-credentials/` into your agent's skills directory manually (e.g. `~/.claude/skills/` for Claude Code).
## Requirements

- `op` — 1Password CLI 2.x, signed in to at least one account
- `trufflehog` and/or `gitleaks` for scanning
- `chezmoi` — only if you use the home-dotfiles paths (Paths 1 and 2 in SKILL.md)
- `jq`, `awk` (preinstalled on macOS and most Linux)
## What it does

- Scans a curated set of locations for plaintext credentials using `trufflehog --no-verification`. Verification is explicitly forbidden — see "Why no verification" below.
- Triages findings by detector confidence tier (1 / 2 / 3) and path heuristics. Drops lockfiles, test fixtures, raw-data dumps, vendored deps; surfaces high-confidence leaks for action; bucket-counts the noisy detectors (Azure GUIDs, GitLab hash-shaped strings) instead of enumerating them.
- Walks you through migration along one of four paths:
  - Path 1 / 2 — home dotfiles (`~/.zshrc`, `~/.npmrc`, etc.): templated via chezmoi + `onepasswordRead`
  - Path 3 — project-local `.env`: `.env.template` with `op://` references, materialized via `op inject` or `op run`
  - Path 4 — file-content secrets (`.p8`, service-account JSONs, PEM keys): vaulted as op documents, materialized just-in-time
- Surfaces rotation reminders for every vaulted secret. Anything that was plaintext on disk is presumed compromised (backups, Spotlight, IDE caches, shell history all see your files) — vaulting without rotation only solves half the problem.
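The triage step above (path heuristics, confidence tiers, bucket-counting the noisy detectors) is easy to get wrong when done by eye over a few hundred findings. The script below is an added illustration, not the skill's own code: it reads trufflehog `--json` output and applies those three rules. The tier table, the drop-path rules and the detector names are assumptions for the demo, not the rubric in SKILL.md; the JSON field names follow trufflehog v3's filesystem source (`DetectorName`, `Redacted`, `SourceMetadata.Data.Filesystem.file`). Note that only the `Redacted` field is carried forward, so the triage output is not itself another plaintext copy of the secret.

```python
"""Triage trufflehog --json findings: drop noisy paths, tier the rest by
detector, bucket-count the chatty detectors. Added illustration, not the
skill's code; tier table and path rules are assumptions, not SKILL.md's."""
import json
import re
from collections import Counter

# Assumed detector -> confidence tier (1 = near-certain secret, 3 = needs context).
TIERS = {
    "OpenAI": 1, "AWS": 1, "Stripe": 1, "Anthropic": 1, "Github": 1,
    "NPM": 2, "SlackWebhook": 2, "PrivateKey": 2,
    "Azure": 3, "Gitlab": 3, "URI": 3,
}
# Detectors that fire on GUID- or hash-shaped strings: count them, don't list them.
NOISY = {"Azure", "Gitlab"}

# Path heuristics: lockfiles, vendored deps, test fixtures, raw-data dumps.
DROP_PATH = re.compile(
    r"(^|/)(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|Cargo\.lock|Gemfile\.lock|poetry\.lock)$"
    r"|(^|/)(node_modules|vendor|third_party|\.git)/"
    r"|(^|/)(test|tests|testdata|fixtures|__fixtures__|__snapshots__)/"
    r"|\.(csv|parquet|dump|sql\.gz)$"
)


def finding_location(finding):
    """(path, line) of the file a finding came from (filesystem source layout)."""
    src = finding.get("SourceMetadata", {}).get("Data", {}).get("Filesystem", {})
    return src.get("file", ""), src.get("line")


def triage(ndjson_text):
    """Split trufflehog NDJSON into (actionable, noisy_counts, dropped_count).
    The Raw secret is never read; only Redacted is kept for the report."""
    actionable, noisy, dropped = [], Counter(), 0
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        finding = json.loads(line)
        path, lineno = finding_location(finding)
        detector = finding.get("DetectorName", "")
        if DROP_PATH.search(path):      # path rules win over everything else
            dropped += 1
            continue
        if detector in NOISY:           # bucket-count instead of enumerating
            noisy[detector] += 1
            continue
        actionable.append({
            "tier": TIERS.get(detector, 3),   # unknown detectors sink to tier 3
            "detector": detector,
            "path": path,
            "line": lineno,
            "redacted": finding.get("Redacted") or "<redacted>",
        })
    actionable.sort(key=lambda f: (f["tier"], f["path"]))
    return actionable, noisy, dropped


def report(actionable, noisy, dropped):
    """Human-readable summary, tier 1 first, noisy buckets and drop count last."""
    lines = [f"{f['tier']}  {f['detector']:<12} {f['path']}:{f['line']}  {f['redacted']}"
             for f in actionable]
    lines += [f"   {det}: {n} hash/GUID-shaped hits (review in bulk)" for det, n in noisy.items()]
    lines.append(f"   dropped by path rules: {dropped}")
    return "\n".join(lines)


# Constructed sample output (not real findings, not real keys).
SAMPLE_NDJSON = "\n".join(json.dumps(f) for f in [
    {"DetectorName": "OpenAI", "Verified": False, "Redacted": "sk-EXAM...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": ".env", "line": 3}}}},
    {"DetectorName": "AWS", "Verified": False, "Redacted": "AKIAEXAMPLE...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": "tests/fixtures/creds.json", "line": 1}}}},
    {"DetectorName": "Azure", "Verified": False, "Redacted": "00000000-...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": "src/config.py", "line": 12}}}},
    {"DetectorName": "Azure", "Verified": False, "Redacted": "11111111-...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": "src/tenant.py", "line": 4}}}},
    {"DetectorName": "Gitlab", "Verified": False, "Redacted": "glpat-EXAM...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": "node_modules/x/index.js", "line": 9}}}},
    {"DetectorName": "PrivateKey", "Verified": False, "Redacted": "-----BEGIN...",
     "SourceMetadata": {"Data": {"Filesystem": {"file": "certs/service.pem", "line": 1}}}},
])

if __name__ == "__main__":
    print(report(*triage(SAMPLE_NDJSON)))
```

Run it as `trufflehog filesystem . --no-verification --json | python triage.py` after swapping `SAMPLE_NDJSON` for `sys.stdin.read()`; the path rules are checked before the detector bucket so a GitLab-shaped hit inside `node_modules/` is dropped rather than counted.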
## Quick start

```sh
# In a project with a leaky .env
trufflehog filesystem . --no-verification --no-update \
  --exclude-paths=skills/vault-credentials/trufflehog-exclude.txt
# → finds OPENAI_API_KEY in .env

# Anchor on "OPENAI_API_KEY=" so a sibling such as OPENAI_API_KEY_BACKUP is not picked up
op item create --account <acct> --vault <vault> \
  --category "API Credential" --title "OpenAI API key - myapp" \
  credential="$(awk -F= '/^OPENAI_API_KEY=/{print $2}' .env)"

cat > .env.template <<'EOF'
OPENAI_API_KEY=op://<vault>/OpenAI API key - myapp/credential
EOF
echo .env >> .gitignore

op run --account <acct> --env-file=.env.template -- python app.py
```

See skills/vault-credentials/SKILL.md for the full workflow, including the detection rubric, noise-reduction strategy, the four migration paths, and a closing checklist.
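The Quick start shows Path 3 for a single key. The script below is an added example, not the skill's code, that generalizes it to a whole `.env`: it decides which keys look like secrets, writes a `.env.template` with `op://` references for those and literal values for the rest, and emits the matching `op item create` commands. The secret-name heuristic, the `<KEY> - <app>` title scheme and the `<acct>`/`<vault>` placeholders are assumptions; substitute your own as the README's placeholders note describes. The generated commands never embed the secret value: each pulls it from `.env` at run time, like the awk one-liner above, and `cut -d= -f2-` keeps everything after the first `=` so base64-style values survive.

```python
"""Generalize the README's Path 3 Quick start to every key in a .env.
Added example, not the skill's own code; heuristics and placeholders are
assumptions (see the comments)."""
import re

ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# Assumed heuristic: key names that usually hold secrets, or URL values with userinfo.
SECRET_KEY = re.compile(r"(KEY|SECRET|TOKEN|PASSW(OR)?D|CREDENTIAL|PRIVATE|AUTH)", re.I)
URL_USERINFO = re.compile(r"://[^/@\s]+:[^/@\s]+@")


def parse_env(text):
    """Return [(key, value)] in file order; comments and blank lines skipped.
    Everything after the first '=' is the value, so '=' inside a value survives."""
    pairs = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = ENV_LINE.match(raw)
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs


def looks_secret(key, value):
    return bool(SECRET_KEY.search(key) or URL_USERINFO.search(value))


def build(env_text, app, vault="<vault>", account="<acct>"):
    """Return (template_text, op_commands, vaulted_keys).
    Commands read the value from .env at run time (grep|cut) instead of
    embedding it; values are assumed unquoted, as in the README."""
    template, commands, vaulted = [], [], []
    for key, value in parse_env(env_text):
        if not looks_secret(key, value):
            template.append(f"{key}={value}")        # non-secret: stays literal
            continue
        title = f"{key} - {app}"                     # assumed title scheme
        vaulted.append(key)
        template.append(f"{key}=op://{vault}/{title}/credential")
        commands.append(
            f"op item create --account {account} --vault {vault} "
            f'--category "API Credential" --title "{title}" '
            f"credential=\"$(grep -E '^(export )?{key}=' .env | cut -d= -f2-)\""
        )
    return "\n".join(template) + "\n", commands, vaulted


def gitignore_covers_env(gitignore_text):
    """True if .gitignore already lists .env (plain line check, not full
    gitignore semantics), so `echo .env >> .gitignore` is not repeated."""
    patterns = {".env", "/.env", ".env*", "*.env"}
    return any(line.strip() in patterns for line in gitignore_text.splitlines())


# Constructed sample .env (placeholder values, not real credentials).
SAMPLE_ENV = """# app config
export DATABASE_URL=postgres://app:EXAMPLEPW@db.internal:5432/app
OPENAI_API_KEY=sk-EXAMPLE000000
LOG_LEVEL=info
PORT=8080
"""

if __name__ == "__main__":
    template, commands, vaulted = build(SAMPLE_ENV, "myapp")
    print(template)
    print("\n".join(commands))
    if not gitignore_covers_env(""):
        print("echo .env >> .gitignore")
```

Review the `vaulted` list before running the printed commands: the heuristic is deliberately broad (`DATABASE_URL` is caught by its embedded password, `PORT` is left literal), and anything it misses or over-catches is a one-line edit to the template.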
## Why no verification

Verified scanning transmits candidate credentials to the issuing services (AWS, GitHub, npm, OpenAI, Anthropic, Stripe, Snowflake, etc.) to check whether they're live. That's a credential exfiltration channel even when results aren't logged — especially bad when scanning a tree that contains credentials owned by your employer, customers, or collaborators. Path-based exclusion and detector confidence tiers handle the noise without that risk; see the noise-reduction section in SKILL.md.
## Placeholders

The skill uses `<acct>` and `<vault>` as placeholders for your 1Password account shorthand and target vault. The Setup section at the top of SKILL.md tells you how to find them and what to substitute. The skill never assumes you're in a specific organization or vault.
## License

MIT — see LICENSE.