Security Review & Secure Defaults · High Reliability · High-Risk Workflow

Secrets Config Sanity Check

Checks required environment/config keys and flags dangerous defaults for deterministic pre-deploy safety gates.

Version

0.1.0

Last Updated

Apr 22, 2026

Verification Type

static analysis, manual review required

Downloads

0

Required inputs

  • env_example (text)

    Required environment keys and baseline defaults.

  • target_config (text)

    Target deployment configuration values.

Expected outputs

  • config_sanity_report (markdown)

    Summary of missing and unsafe config findings.

Included checks and assets

  • scripts/scan_env_sanity.py (script)

    Checks required keys and unsafe default values from env/config files.

  • references/required-keys-policy.md (reference)

    Policy for required runtime configuration key management.

  • references/unsafe-defaults-list.md (reference)

    List of insecure default patterns to block in deployment configs.

Failure modes

  • Configuration requirements may drift from runtime expectations.
  • Platform-injected secrets can be falsely flagged as missing.
  • Environment-specific exemptions need explicit documentation.

Ideal use cases

  • Pre-deploy configuration checks
  • Service onboarding security reviews
  • Production readiness gates

Example runs

Production env preflight

Validated sample run

Finds missing API key and dangerous debug default.

Input preview

.env.example + .env.prod

Output preview

2 fails with remediation guidance

Changelog summary

  • 0.1.0 · Apr 22, 2026

    Initial release for configuration sanity validation.
