[REVIEW] secrets-management: add secret-zero bootstrap credential gates

[shensz2017]

Skill Review ($25 Bounty)

Skill Reviewed

Skill name: secrets-management
Skill path: skills/devsecops/secrets-management/SKILL.md

Gap Found

The skill covers short-lived tokens, JIT credentials, Vault AppRole, Kubernetes service account injection, and OIDC examples, but it does not explicitly require evidence for the bootstrap path used to obtain the first machine credential. A system can use Vault or OIDC for dynamic credentials while still storing paired bootstrap secrets, accepting over-broad OIDC claims, or persisting exchanged tokens into artifacts/logs/caches.

Why It Matters

Secret rotation and dynamic credentials do not solve the "secret zero" problem by themselves. CI/CD agents, bots, Kubernetes workloads, and AI agents need a bounded, auditable machine identity exchange. If both halves of an AppRole, cloud key pair, or broker client secret are stored together, or if OIDC trust is not bound to repo/ref/environment/workflow claims, the vault becomes a credential vending machine for untrusted workloads.

Evidence Pattern That Should Fail

• Agent stores both VAULT_ROLE_ID and VAULT_SECRET_ID in GitHub Actions secrets
• AppRole secret_id_ttl and secret_id_num_uses are unlimited
• Issued token TTL is 24h for an 8-minute task
• Token can be written to workspace artifacts
• Audit logs do not include run ID, actor, requested scope, or revocation result

Suggested Fix

Add secret-zero/bootstrap gates requiring:

• no paired bootstrap secrets stored together
• OIDC/workload identity roles bound to issuer, audience, subject, repository/project, branch/ref, environment, namespace, service account, and workflow/job identity where supported
• response wrapping, one-use secret_id, and short TTL when AppRole is unavoidable
• issued credentials aligned to task duration and least privilege
• no persistence of exchanged tokens into logs, artifacts, caches, workspace files, crash dumps, or transcripts
• audit correlation for automated secret issuance and revocation

Bounty Info

• I have read and agree to the CONTRIBUTING.md bounty terms
• Preferred payment method: GitHub Sponsors

[JamesJi79]

/attempt #2064

JamesJi79 will submit VALID GAP analysis for this [REVIEW] issue.

[JamesJi79]

/attempt #2064

VALID GAP — Secret-Zero Bootstrap Credential Gates

Why Valid (FP confirmed)

The secrets-management skill covers short-lived tokens, JIT credentials, Vault AppRole, Kubernetes service account injection, and OIDC examples comprehensively. However, it does not address the bootstrap path used to obtain the first machine credential. A system can use Vault or OIDC for all dynamic credentials while still storing paired bootstrap secrets (role_id + secret_id), accepting over-broad OIDC claims, or persisting exchanged tokens into artifacts/logs/caches. The secret-zero problem is not solved by rotation alone.

Coverage Gaps

Gap 1 — Paired bootstrap secrets stored together — Vault AppRole binding works when role_id and secret_id originate separately. If both halves are stored in the same GitHub Actions secret, CI/CD config map, or environment file, the bootstrap path has no separation of trust. The skill should require evidence that no paired bootstrap secrets are stored together. Need gate: Bootstrap secret separation — no paired role_id + secret_id or key pair halves stored in the same secret scope.

Gap 2 — OIDC/workload identity claim over-broadening — OIDC trust policies that are not bound to specific issuer, audience, subject, repository, branch, environment, or workflow/job claims allow any workflow in a repository to exchange tokens for vault credentials. The skill should require OIDC role claim scoping evidence. Need gate: OIDC/workload identity role binding with issuer, audience, subject, repository, branch, environment, and workflow/job identity constraints.

Gap 3 — Token persistence in artifacts, logs, and caches — Even with Vault/OIDC, exchanged tokens can be written to workspace artifacts, cached in CI/CD caches, logged to build outputs, appear in crash dumps, or persist in transcript stores. The skill should require evidence that exchanged credentials are not persisted outside the runtime boundary. Need gate: Non-persistence verification — no exchanged tokens in artifacts, logs, caches, workspace files, crash dumps, or transcripts.

Suggested Gates

1. SEC-ZERO-01: Bootstrap secret separation — paired role_id/secret_id, key pair halves, or client credentials not stored in the same secret scope.
2. SEC-ZERO-02: OIDC/workload identity role binding with explicit issuer, audience, subject, repository, branch, environment, and workflow/job identity constraints.
3. SEC-ZERO-03: Non-persistence verification — exchanged tokens not written to artifacts, logs, caches, workspace files, crash dumps, or transcripts.

[Dolpme]

Submitted implementation PR: #2210

Scope: adds secret-zero/bootstrap evidence gates to secrets-management for paired bootstrap factor separation, OIDC/workload identity claim binding, AppRole fallback controls, exchanged-token non-persistence, and audit correlation.

Validation: git diff --check; frontmatter required-field check; index.yaml referenced-file existence check; markdown fence-balance check; target marker check; changed-file prompt-injection pattern check.

Payment details can be provided privately after maintainer acceptance.