@lockzero/slack-app

Slack app for LockZero — manage secrets, trigger rotations, and view provider health directly from Slack.

Slash Commands

| Command | Description | |---------|-------------| | /lockzero status | Block Kit cards showing each provider's health (🟢/🟡/🔴), field count, and last rotation | | /lockzero list | Compact list of all providers with field counts | | /lockzero rotate <namespace> | Confirmation dialog; on confirm, posts to LockZero rotation endpoint | | /lockzero get <namespace[.FIELD]> | Returns secret value as ephemeral message (only visible to you) |

Security

• /lockzero get always uses response_type: "ephemeral" — secrets are never posted to a channel
• Rotation requires a Slack confirm dialog ("Are you sure?") before executing
• All errors are also returned ephemerally to avoid leaking context in channels

Setup

1. Install from the app manifest

In Slack: Tools & settings → Your apps → Create an App → From a manifest. Paste manifest.json and update the request_url to your deployed host.

2. Environment variables

| Variable | Required | Description | |----------|----------|-------------| | SLACK_BOT_TOKEN | Yes | xoxb-... token from OAuth & Permissions | | SLACK_SIGNING_SECRET | Yes | From Basic Information | | LOCKZERO_API_KEY | Yes | From https://app.lockzero.io/settings/api-keys | | LOCKZERO_BASE_URL | No | Defaults to https://api.lockzero.io | | SLACK_APP_TOKEN | No | xapp-... for Socket Mode (optional) | | PORT | No | HTTP port, defaults to 3000 |

3. Run

npm install
npm run build
npm start

4. Point Slack to your server

In your Slack app settings set the following URLs to https://<your-host>/slack/events:

• Interactivity & Shortcuts → Request URL
• Slash Commands → /lockzero → Request URL