Add Vault product with 6 plugins and 16 skills

.claude-plugin/marketplace.json

@@ -72,6 +72,84 @@
       "category": "integration",
       "license": "MPL-2.0",
       "strict": false
+    },
+    {
+      "name": "vault-credential-generation",
+      "source": "./vault/credential-generation",
+      "description": "Generate dynamic credentials for databases, cloud providers, and encryption keys.",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "secrets", "credentials", "database", "transit", "pki", "vault-agent", "dynamic-credentials"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
+    },
+    {
+      "name": "vault-app-access",
+      "source": "./vault/app-access",
+      "description": "Give applications secure access to Vault secrets with authentication and policies.",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "auth", "authentication", "access", "approle", "kubernetes", "oidc", "policies"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
+    },
+    {
+      "name": "vault-deployment",
+      "source": "./vault/deployment",
+      "description": "Deploy and operate Vault on Kubernetes with HA, DR, and monitoring.",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "deployment", "kubernetes", "vso", "ha", "dr", "monitoring", "troubleshooting"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
+    },
+    {
+      "name": "vault-multi-tenancy",
+      "source": "./vault/multi-tenancy",
+      "description": "Set up multi-tenant Vault with namespaces, replication, and policy-as-code.",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "enterprise", "multi-tenancy", "namespaces", "replication", "sentinel", "mfa", "hsm"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
+    },
+    {
+      "name": "vault-ai-workflows",
+      "source": "./vault/ai-workflows",
+      "description": "Use AI assistants to manage Vault secrets through MCP integration.",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "mcp", "ai", "workflows", "claude", "secrets", "automation"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
+    },
+    {
+      "name": "vault-hashicorp-secrets-engines",
+      "source": "./vault/hashicorp-secrets-engines",
+      "description": "Vault secrets engines for HashiCorp products (Consul, Nomad, Terraform Cloud).",
+      "version": "0.2.0",
+      "author": {
+        "name": "HashiCorp"
+      },
+      "keywords": ["vault", "consul", "nomad", "terraform", "secrets-engines", "acl-tokens", "dynamic-tokens"],
+      "category": "integration",
+      "license": "MPL-2.0",
+      "strict": false
     }
   ]
 }

CHANGELOG.md

@@ -4,8 +4,42 @@ All notable changes to the HashiCorp Agent Skills.
 
 ## Unreleased
 
+### Changed
+- Renamed Vault plugins to job-oriented names following Terraform/Packer pattern:
+  - `vault-secrets-management` → `vault-credential-generation`
+  - `vault-authentication` → `vault-app-access`
+  - `vault-operations` → `vault-deployment`
+  - `vault-enterprise` → `vault-multi-tenancy`
+  - `vault-mcp-integration` → `vault-ai-workflows`
+  - `vault-hashicorp-secrets-engines` → was `vault-hashicorp-integrations`
+- Transformed all 16 Vault skills to include "What Are You Trying to Solve?" decision frameworks
+- Updated skill headers with problem-oriented navigation (jump links)
+- Added mental model sections explaining how each Vault component works
+- Added decision tables mapping user problems to solutions
+
 ### Added
 - `terraform-search-import` skill for discovering existing resources with Terraform Search and bulk import
+- Vault product with 6 plugins and 16 skills
+  - `vault-credential-generation`: secrets-engines, vault-agent
+  - `vault-app-access`: auth-methods, policies, token-management, identity-system, response-wrapping
+  - `vault-deployment`: kubernetes-integration, production-operations, troubleshooting
+  - `vault-multi-tenancy`: enterprise-features (namespaces, replication, Sentinel, MFA, HSM)
+  - `vault-ai-workflows`: vault-mcp-server, mcp-secrets-workflows
+  - `vault-hashicorp-secrets-engines`: consul-secrets, nomad-secrets, terraform-cloud-secrets
+- Token management, identity system, and response wrapping skills for authentication workflows
+- HashiCorp product integration skills for Consul, Nomad, and Terraform Cloud/Enterprise
+- Vault Enterprise skills for multi-tenancy, replication, and policy-as-code
+- Vault MCP Server integration skills for AI-assisted secrets management
+- Enhanced SPEC.md files with comprehensive user stories and functional requirements
+- Vault MCP Server integration for all Vault plugins
+- Product template system in `examples/` directory
+  - `examples/README.md` - Comprehensive guide for adding products, plugins, and skills
+  - `examples/spec.md` - Spec-Kit format specification with user stories
+  - `examples/questionnaire.md` - Questions reference for automation
+  - `examples/new-product-template/` - Template files with placeholders
+  - `examples/commands/new-product/` - `/new-product` slash command for interactive scaffolding
+- `CONTRIBUTING.md` - Contribution guidelines
+- 11 Claude Code plugins with 29 total skills
 
 ## 0.1.0
 

README.md

@@ -6,6 +6,7 @@ A collection of Agent skills and Claude Code plugins for HashiCorp products.
 |:--------|:----------|
 | [Terraform](./terraform/) | Write HCL code, build modules, develop providers, and run tests |
 | [Packer](./packer/) | Build machine images on AWS, Azure, and Windows; integrate with HCP Packer registry |
+| [Vault](./vault/) | Manage secrets, configure authentication, operate clusters, and integrate with AI assistants |
 
 > **Legal Note:** Your use of a third party MCP Client/LLM is subject solely to the terms of use for such MCP/LLM, and IBM is not responsible for the performance of such third party tools. IBM expressly disclaims any and all warranties and liability for third party MCP Clients/LLMs, and may not be able to provide support to resolve issues which are caused by the third party tools.
 
@@ -37,6 +38,12 @@ claude plugin install terraform-module-generation@hashicorp
 claude plugin install terraform-provider-development@hashicorp
 claude plugin install packer-builders@hashicorp
 claude plugin install packer-hcp@hashicorp
+claude plugin install vault-secrets-management@hashicorp
+claude plugin install vault-authentication@hashicorp
+claude plugin install vault-operations@hashicorp
+claude plugin install vault-enterprise@hashicorp
+claude plugin install vault-mcp-integration@hashicorp
+claude plugin install vault-hashicorp-integrations@hashicorp
 ```
 
 Or use the interactive interface:
@@ -52,7 +59,7 @@ agent-skills/
 │   └── marketplace.json
 ├── terraform/              # Terraform skills
 ├── packer/                 # Packer skills
-├── <product>/              # Future products (Vault, Consul, etc.)
+├── vault/                  # Vault skills
 └── README.md
 ```
 

vault/README.md

@@ -0,0 +1,125 @@
+# HashiCorp Vault Agent Skills
+
+Agent skills for HashiCorp Vault identity-based secrets and encryption management.
+
+## Overview
+
+Vault secures, stores, and tightly controls access to tokens, passwords, certificates, encryption keys, and other sensitive data. These skills provide AI-assisted guidance organized around **jobs to be done**—the problems you're actually trying to solve.
+
+## Available Plugins
+
+| Plugin | Job to Be Done | Skills |
+|--------|----------------|--------|
+| [vault-credential-generation](credential-generation/) | Generate dynamic credentials for my app | `secrets-engines`, `vault-agent` |
+| [vault-app-access](app-access/) | Give my app secure access to Vault | `auth-methods`, `policies`, `token-management`, `identity-system`, `response-wrapping` |
+| [vault-deployment](deployment/) | Deploy and operate Vault | `kubernetes-integration`, `production-operations`, `troubleshooting` |
+| [vault-multi-tenancy](multi-tenancy/) | Set up multi-tenant Vault | `enterprise-features` |
+| [vault-ai-workflows](ai-workflows/) | Use AI to manage secrets | `vault-mcp-server`, `mcp-secrets-workflows` |
+| [vault-hashicorp-secrets-engines](hashicorp-secrets-engines/) | Secrets engines for Consul, Nomad, TFC | `consul-secrets`, `nomad-secrets`, `terraform-cloud-secrets` |
+
+## Installation
+
+### Install All Vault Plugins
+
+```bash
+claude plugin install vault-credential-generation@hashicorp
+claude plugin install vault-app-access@hashicorp
+claude plugin install vault-deployment@hashicorp
+claude plugin install vault-multi-tenancy@hashicorp
+claude plugin install vault-ai-workflows@hashicorp
+claude plugin install vault-hashicorp-secrets-engines@hashicorp
+```
+
+### Install Individual Skills
+
+```bash
+# Credential generation
+npx skills add hashicorp/agent-skills/vault/credential-generation/skills/secrets-engines
+npx skills add hashicorp/agent-skills/vault/credential-generation/skills/vault-agent
+
+# App access (authentication, identity, and tokens)
+npx skills add hashicorp/agent-skills/vault/app-access/skills/auth-methods
+npx skills add hashicorp/agent-skills/vault/app-access/skills/policies
+npx skills add hashicorp/agent-skills/vault/app-access/skills/token-management
+npx skills add hashicorp/agent-skills/vault/app-access/skills/identity-system
+npx skills add hashicorp/agent-skills/vault/app-access/skills/response-wrapping
+
+# Deployment (operations)
+npx skills add hashicorp/agent-skills/vault/deployment/skills/kubernetes-integration
+npx skills add hashicorp/agent-skills/vault/deployment/skills/production-operations
+npx skills add hashicorp/agent-skills/vault/deployment/skills/troubleshooting
+
+# Multi-tenancy (enterprise)
+npx skills add hashicorp/agent-skills/vault/multi-tenancy/skills/enterprise-features
+
+# AI workflows (MCP integration)
+npx skills add hashicorp/agent-skills/vault/ai-workflows/skills/vault-mcp-server
+npx skills add hashicorp/agent-skills/vault/ai-workflows/skills/mcp-secrets-workflows
+
+# HashiCorp secrets engines
+npx skills add hashicorp/agent-skills/vault/hashicorp-secrets-engines/skills/consul-secrets
+npx skills add hashicorp/agent-skills/vault/hashicorp-secrets-engines/skills/nomad-secrets
+npx skills add hashicorp/agent-skills/vault/hashicorp-secrets-engines/skills/terraform-cloud-secrets
+```
+
+## MCP Server Integration
+
+All Vault plugins include configuration for the [Vault MCP Server](https://github.com/hashicorp/vault-mcp-server):
+
+```bash
+export VAULT_ADDR="https://vault.example.com:8200"
+export VAULT_TOKEN="hvs.xxxxx"
+export VAULT_NAMESPACE="admin"  # Optional, for Enterprise
+```
+
+The MCP server enables Claude and other AI assistants to interact directly with Vault:
+- Create and manage secrets engine mounts
+- Read, write, and list secrets
+- Manage KV v1 and v2 secrets
+
+See [vault-ai-workflows](ai-workflows/) for setup and usage patterns.
+
+## Plugin Overview
+
+### Core Vault Skills
+
+- **secrets-engines**: KV, Database, AWS, Transit, PKI, SSH engines
+- **vault-agent**: Auto-auth, caching, templating, sidecar patterns
+
+### Authentication and Identity Skills
+
+- **auth-methods**: AppRole, Kubernetes, OIDC, AWS, Azure, GCP, LDAP
+- **policies**: HCL syntax, templated policies, CI/CD patterns
+- **token-management**: Service, batch, periodic, orphan tokens, accessors
+- **identity-system**: Entities, aliases, groups, OIDC provider
+- **response-wrapping**: Cubbyhole, wrapped tokens, secure secret distribution
+
+### Operations Skills
+
+- **kubernetes-integration**: VSO, Agent Injector, CSI Provider
+- **production-operations**: HA, DR, monitoring, backup, upgrades
+- **troubleshooting**: Diagnostics, debugging, anti-patterns
+
+### Enterprise Skills (requires Vault Enterprise license)
+
+- **enterprise-features**: Namespaces, replication, Sentinel, MFA, HSM
+
+### MCP Integration Skills
+
+- **vault-mcp-server**: Installation, configuration, IDE integration
+- **mcp-secrets-workflows**: Tool usage patterns for AI workflows
+
+### HashiCorp Integration Skills
+
+- **consul-secrets**: Dynamic Consul ACL tokens
+- **nomad-secrets**: Dynamic Nomad ACL tokens
+- **terraform-cloud-secrets**: Dynamic Terraform Cloud/Enterprise API tokens
+
+## Documentation
+
+- [Vault Documentation](https://developer.hashicorp.com/vault)
+- [Vault Enterprise](https://developer.hashicorp.com/vault/docs/enterprise)
+- [Vault API Reference](https://developer.hashicorp.com/vault/api-docs)
+- [Vault Tutorials](https://developer.hashicorp.com/vault/tutorials)
+- [Vault MCP Server](https://github.com/hashicorp/vault-mcp-server)
+- [HCP Vault](https://developer.hashicorp.com/hcp/docs/vault)

vault/ai-workflows/.claude-plugin/plugin.json

@@ -0,0 +1,40 @@
+{
+  "name": "vault-ai-workflows",
+  "version": "0.2.0",
+  "description": "Use AI assistants to manage Vault secrets. Covers Vault MCP Server installation, VS Code integration, and AI-assisted secrets management workflows.",
+  "author": "HashiCorp",
+  "homepage": "https://github.com/hashicorp/vault-mcp-server",
+  "repository": "https://github.com/hashicorp/agent-skills",
+  "license": "MPL-2.0",
+  "keywords": [
+    "vault",
+    "mcp",
+    "ai",
+    "workflows",
+    "claude",
+    "secrets",
+    "automation"
+  ],
+  "mcpServers": {
+    "vault": {
+      "command": "docker",
+      "args": [
+        "run",
+        "-i",
+        "--rm",
+        "-e",
+        "VAULT_ADDR",
+        "-e",
+        "VAULT_TOKEN",
+        "-e",
+        "VAULT_NAMESPACE",
+        "hashicorp/vault-mcp-server"
+      ],
+      "env": {
+        "VAULT_ADDR": "${VAULT_ADDR}",
+        "VAULT_TOKEN": "${VAULT_TOKEN}",
+        "VAULT_NAMESPACE": "${VAULT_NAMESPACE}"
+      }
+    }
+  }
+}