Hooks:
- PreToolUse: block direct edits to credential files (99-claude, etc.)
- PostToolUse: auto-run shellcheck after editing bash.d scripts

Skill:
- /new-credential: scaffolds a credential file pair (.example template + real file), adds to .gitignore, sets permissions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.7 KiB
| name | description | user-invocable | disable-model-invocation | arguments |
|---|---|---|---|---|
| new-credential | Create a new bash.d credential file with .example template, .gitignore entry, and correct permissions | true | true | |
Create a new credential file pair in ~/.bash.d/ following the project conventions.
Steps

- Create the `.example` template at `99-$name.example` (mode 644):

  ```bash
  # shellcheck shell=bash
  # <Description of what this credential is for>
  # Copy to 99-$name and fill in your token, then: chmod 700 99-$name
  require_private "${BASH_SOURCE[0]}"
  export $var=your-token-here
  ```

- Create the real credential file at `99-$name` (mode 700):

  ```bash
  # shellcheck shell=bash
  # NOTE: Contains credentials - ensure file permissions remain 600/700
  require_private "${BASH_SOURCE[0]}"
  export $var=your-token-here
  ```

- Add `99-$name` to `.gitignore` (append to the existing credential list)
- Set permissions: `chmod 700 99-$name`
- Validate both files: `shellcheck 99-$name.example 99-$name`
- Remind the user to edit `99-$name` and fill in the real secret value

Rules

- The `.example` template must NOT contain real secrets — use `your-token-here` as placeholder
- The real credential file must have mode `700`
- Both files must start with `# shellcheck shell=bash`
- Both files must call `require_private "${BASH_SOURCE[0]}"` as the first functional line
- Only the `.example` file should be staged in git — verify `99-$name` is gitignored
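
The steps and rules above, written as a scaffold-and-check pair of shell functions. This is an added example, not the skill's or the project's own code; `new_credential`, `check_credential`, `mode_of`, the optional directory argument and the name validation are assumptions made for illustration.

```bash
# Added example (hypothetical helpers, not part of the project).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }  # GNU, then BSD

new_credential() {  # usage: new_credential <name> <VAR> [dir]
    local name="$1" var="$2" dir="${3:-$HOME/.bash.d}"
    # Assumed validation: reject names that could smuggle shell syntax
    # into the generated files.
    case $name in '' | *[!a-z0-9_-]*) return 2 ;; esac
    case $var in '' | [0-9]* | *[!A-Z0-9_]*) return 2 ;; esac
    # Never overwrite an existing secret or template.
    if [ -e "$dir/99-$name" ] || [ -e "$dir/99-$name.example" ]; then return 3; fi
    printf '%s\n' '# shellcheck shell=bash' \
        '# <Description of what this credential is for>' \
        "# Copy to 99-$name and fill in your token, then: chmod 700 99-$name" \
        'require_private "${BASH_SOURCE[0]}"' "export $var=your-token-here" \
        >"$dir/99-$name.example" || return 1
    chmod 644 "$dir/99-$name.example" || return 1
    # umask 077 in a subshell: the real file is created owner-only, so it is
    # never group/world-readable, not even between creation and chmod.
    (umask 077 && printf '%s\n' '# shellcheck shell=bash' \
        '# NOTE: Contains credentials - ensure file permissions remain 600/700' \
        'require_private "${BASH_SOURCE[0]}"' "export $var=your-token-here" \
        >"$dir/99-$name") || return 1
    chmod 700 "$dir/99-$name" || return 1
    # Append the ignore entry only if it is not already listed.
    grep -qxF "99-$name" "$dir/.gitignore" 2>/dev/null ||
        printf '%s\n' "99-$name" >>"$dir/.gitignore" || return 1
    check_credential "$name" "$dir"
}

check_credential() {  # status 0 only if the pair passes the locally checkable rules
    local name="$1" dir="${2:-$HOME/.bash.d}" f first_code
    [ "$(mode_of "$dir/99-$name")" = 700 ] || return 1
    grep -qxF "99-$name" "$dir/.gitignore" || return 1
    for f in "$dir/99-$name" "$dir/99-$name.example"; do
        [ "$(head -n 1 "$f")" = '# shellcheck shell=bash' ] || return 1
        # First line that is neither blank nor a comment must be the guard.
        first_code=$(grep -vE '^[[:space:]]*(#|$)' "$f" | head -n 1)
        [ "$first_code" = 'require_private "${BASH_SOURCE[0]}"' ] || return 1
    done
    # The template must carry the placeholder, never a filled-in value.
    grep -q '=your-token-here$' "$dir/99-$name.example"
}
```

`check_credential` only inspects the `.gitignore` entry and the files themselves; it does not query git, so whether `99-$name` is actually unstaged still has to be confirmed in the repository.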