garrettroi/vault_client
skills/vault_client/SKILL.md
Secure API key access from the centralized vault. Fetch keys on-demand without storing them in environment variables.
tools
Updated May 22, 2026
$ install --global
skillsauthnpx skillsauth add garrettroi/open-manus vault_clientInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 22, 2026, 2:53 AM147.5s4 files scanned
SKILL.md
- name:
- vault_client
- description:
- Secure API key access from the centralized vault. Fetch keys on-demand without storing them in environment variables.
- version:
- 2.0.0
- author:
- Valentina
- license:
- MIT
- tags:
- [vault, security, api-keys, credentials]
- related_skills:
- [n8n-automation-builder, github-auth]
Vault Client — Secure API Key Access
This skill provides secure access to API keys stored in the centralized Key Vault. You never need to store raw API keys in your environment — instead, fetch them on-demand from the vault.
Status: ✅ Fully tested and working (March 20, 2026)
Quick Start
List your available keys
python3 /app/skills/vault_client/vault_client.py list
Fetch a key value
python3 /app/skills/vault_client/vault_client.py get GITHUB_API
Get the skill/tool usage guide for a key
python3 /app/skills/vault_client/vault_client.py skill GITHUB_API
Export all your keys as environment variables
python3 /app/skills/vault_client/vault_client.py export
Using in Python Code
Method 1: Subprocess (Recommended - Most Reliable)
Use this method when:
- Running in sandboxed environments
- Environment variables may not be inherited
- You want the simplest, most reliable approach
import subprocess
import os
# Fetch a single key
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'get', 'GITHUB_API'],
capture_output=True, text=True
)
if result.returncode == 0:
api_key = result.stdout.strip()
print(f"Key retrieved: {api_key[:20]}...")
else:
print(f"Error: {result.stderr}")
# List all available keys
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'list'],
capture_output=True, text=True
)
print(result.stdout)
# Get skill documentation
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'skill', 'N8N_API'],
capture_output=True, text=True
)
print(result.stdout)
Method 2: Direct Import (When Environment is Set)
Use this method when:
- Running in main agent process (not sandboxed)
VAULT_URLandVAULT_TOKENenvironment variables are confirmed set- You need repeated key access (benefits from caching)
import sys
sys.path.insert(0, '/app/skills/vault_client')
from vault_client import vault
# Fetch a key
api_key = vault.get("GITHUB_API")
print(f"Key: {api_key[:20]}...")
# List all keys you have access to
keys = vault.list_keys()
for k in keys:
print(f"{k['key_name']}: {k['description']}")
# Get skill description for how to use a key
info = vault.get_skill("GITHUB_API")
print(info['skill_description'])
# Export all keys as env vars
vault.export_env()
Note: Direct import requires VAULT_URL and VAULT_TOKEN to be set in the environment. If you get "VAULT_TOKEN not set", use Method 1 (subprocess).
Real-World Examples
Example 1: Using with GitHub API
import subprocess
import requests
# Get GitHub token from vault
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'get', 'GITHUB_API'],
capture_output=True, text=True
)
github_token = result.stdout.strip()
# Use with GitHub API
headers = {"Authorization": f"token {github_token}"}
response = requests.get("https://api.github.com/user/repos", headers=headers)
print(f"Repos: {len(response.json())}")
Example 2: Using with n8n
import subprocess
import requests
# Get n8n key from vault
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'get', 'NEWEST_N8N_API'],
capture_output=True, text=True
)
n8n_key = result.stdout.strip()
# Use with n8n API
headers = {"X-N8N-API-KEY": n8n_key}
response = requests.get(
"https://primary-production-38b8.up.railway.app/api/v1/workflows",
headers=headers
)
print(f"Workflows: {len(response.json().get('data', []))}")
Example 3: Bash Script Integration
#!/bin/bash
# Get key from vault
export GITHUB_API_KEY=$(python3 /app/skills/vault_client/vault_client.py get GITHUB_API)
# Use in subsequent commands
curl -H "Authorization: token $GITHUB_API_KEY" https://api.github.com/user
How It Works
- Your agent has two environment variables:
VAULT_URLandVAULT_TOKEN - When you call
vault.get("KEY_NAME"), it makes an authenticated request to the vault - The vault checks if you have a grant for that key
- If granted, it decrypts and returns the key value
- If denied, you get a clear error message
- Every access is logged in the audit trail
Key Features
- Cached: Keys are cached in memory after first fetch (within a session)
- Audited: Every fetch is logged — Garrett can see who accessed what and when
- Permissioned: You can only access keys that Garrett has explicitly granted to you
- Skill Docs: Each key can have a usage guide explaining how to use the API it unlocks
Troubleshooting
"VAULT_TOKEN not set"
Cause: Running Python code in a sandbox/subprocess that doesn't inherit environment variables.
Solution: Use the subprocess method:
import subprocess
result = subprocess.run(
['python3', '/app/skills/vault_client/vault_client.py', 'get', 'KEY_NAME'],
capture_output=True, text=True
)
key = result.stdout.strip()
"Access Denied" or 403 Error
Cause: You don't have a grant for that key.
Solution: Ask Harmony to request access from Garrett via the vault dashboard.
"Cannot Reach Vault"
Cause: The vault service may be down or restarting.
Solution: Wait a minute and try again. Check if VAULT_URL environment variable is set:
echo $VAULT_URL
# Should output: https://vault-production-f4c2.up.railway.app
Key Name Not Found
Cause: Key names may vary over time.
Solution: Always list keys first to see current names:
python3 /app/skills/vault_client/vault_client.py list
Empty Key Value
Cause: Key may exist but value is empty, or there was a retrieval error.
Solution: Check error output:
result = subprocess.run([...], capture_output=True, text=True)
if result.returncode != 0:
print(f"Error: {result.stderr}")
Available Keys (Examples)
Key names may change. Always run vault list to see current keys.
Common keys found:
GITHUB_API— GitHub personal access tokenNEWEST_N8N_API— n8n automation API keyN8N_API_ON_RAILWAY— Legacy n8n key
Environment Variables
These are set automatically for each agent:
VAULT_URL=https://vault-production-f4c2.up.railway.app
VAULT_TOKEN=<agent-specific-token>
Do not modify these. Each agent has their own token.
Best Practices
- Always use the vault — Never hardcode API keys in code
- Use subprocess for reliability — Works in all environments
- Check key names first — Run
vault listbefore fetching - Handle errors gracefully — Check return codes and stderr
- Cache in memory only — Don't write keys to disk
- Test with CLI first — If Python fails, test:
python3 /app/skills/vault_client/vault_client.py get KEY_NAME
Testing Your Setup
Run these commands to verify everything works:
# Should show available keys
python3 /app/skills/vault_client/vault_client.py list
# Should return key value (not error)
python3 /app/skills/vault_client/vault_client.py get GITHUB_API
# Should return skill documentation
python3 /app/skills/vault_client/vault_client.py skill GITHUB_API
If all three work, the vault is functional and ready to use.
Related Skills
garrettroi/skills/voice_sanitizer
development
VerifiedTrustedCommunity
# Voice Sanitizer This skill cleans up text before it is sent to the Text-to-Speech (TTS) engine. It removes technical jargon, code blocks, and long URLs to ensure the agent sounds natural and conversational in voice chat. ## Usage To sanitize text for speech, run the following command in the terminal: ```bash python3 /app/skills/voice_sanitizer/sanitizer.py "Your long, technical text with `code` and https://links.com/long-url" ``` ### Example Output ```text Your long, technical text with a
SKILL.mdUpdated May 22, 2026
garrettroi/video-generator
tools
VerifiedTrustedCommunity
Professional AI video production workflow. Use when creating videos, short films, commercials, or any video content using AI generation tools.
SKILL.mdUpdated May 22, 2026
garrettroi/skills/task_board
testing
VerifiedTrustedCommunity
# Task Board — Persistent Task Tracking for Open Manus This skill provides a shared task board backed by Redis. Harmony uses it to track delegated work across all agents, and agents use it to report progress and completion. ## When to Use - **Harmony**: Use this whenever you delegate a task to an agent. Add the task to the board, then check the board periodically to follow up. - **Worker Agents**: Use this to update your task status or mark tasks as complete. ## Commands ### Add a new task
SKILL.mdUpdated May 22, 2026
garrettroi/skills/task-planner
tools
VerifiedTrustedCommunity
# Task Planner This skill replicates the core functionality of the Manus.im `plan` tool. It allows you to create, manage, and display a structured, multi-phase task plan to guide your execution. ## When to Use Use this skill at the beginning of every complex, multi-step task. Update the plan whenever the user changes requirements or you discover significant new information. Advance the plan when you complete a phase. ## Commands ### Create or Update a Plan ``` /task-planner update --goal "
SKILL.mdUpdated May 22, 2026