AI Agent Skills
Use Redshift with AI coding agents for natural-language secret management.
The Redshift CLI ships with an Agent Skill — a structured instruction file that teaches AI coding agents how to use the Redshift CLI on your behalf. The skill follows the open Agent Skills standard and works with Claude Code, OpenCode, Claude Agent SDK, and claude.ai.
What the Skill Covers
The skill covers the full Redshift CLI surface:
| Command | Description |
|---|---|
| redshift login | Authenticate with Nostr identity (nsec, bunker, NostrConnect) |
| redshift logout | Clear stored credentials |
| redshift me | Display current identity |
| redshift setup | Configure project and environment |
| redshift secrets | List, get, set, delete, upload, and download secrets |
| redshift run | Run commands with secrets injected as environment variables |
| redshift configure | View and modify CLI configuration |
| redshift serve | Start the local web admin UI |
| redshift upgrade | Self-update the CLI binary |
Prerequisites
Before using the skill, ensure the Redshift CLI is installed and you're authenticated:
# Install Redshift CLI
curl -fsSL https://redshiftapp.com/install | sh
# Authenticate
redshift loginInstallation
Claude Code
The skill is in the Redshift repository. To use it in your project:
# Copy into your project's .claude/skills/ directory
mkdir -p .claude/skills
cp -r path/to/redshift/skills/redshift .claude/skills/Or add it globally:
mkdir -p ~/.claude/skills
cp -r path/to/redshift/skills/redshift ~/.claude/skills/Claude Code discovers skills automatically. Test it by asking Claude Code: "Show me my secrets for the dev environment."
OpenCode
Copy the skill into your project or global config:
# Project-level
mkdir -p .opencode/skills
cp -r path/to/redshift/skills/redshift .opencode/skills/
# Global
mkdir -p ~/.config/opencode/skills
cp -r path/to/redshift/skills/redshift ~/.config/opencode/skills/Claude Agent SDK
Include the skills/redshift/ directory in your .claude/skills/ directory and add "Skill" to your allowed_tools configuration.
claude.ai
Zip the skills/redshift/ directory and upload it via Settings > Features.
What You Can Do
Once the skill is installed, you can ask your AI agent things like:
- "Set my Stripe key for production"
- "Show me all secrets for the staging environment"
- "Delete the old API key from my backend project"
- "Download my dev secrets as a .env file"
- "Run my app with secrets injected"
- "What project am I authenticated as?"
CI/CD Usage
For non-interactive environments, set these environment variables instead of running redshift login:
| Variable | Description |
|---|---|
| REDSHIFT_NSEC | Private key (bypasses interactive login) |
| REDSHIFT_BUNKER | NIP-46 bunker URL (alternative to nsec) |
| REDSHIFT_CONFIG_DIR | Override config directory |
Store these in your CI platform's secret management (e.g., GitHub Actions secrets) — never hardcode them.
Security Notes
- The AI agent should ask for confirmation before running commands with
redshift run - All encryption remains client-side — secrets never leave your device unencrypted
- Private keys are stored in your system keychain, not in plaintext config files
- The skill does not require or request any elevated system privileges
Source and Updates
The skill source lives in the Redshift repository. To update, pull the latest version and copy the skills/redshift/ directory to your skill location.