Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

secrets-vault/scripts/10_plan.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/_common.sh"
+
+: "${VAULT_ROOT:=~/infrastructure/vault}"
+: "${AGE_KEY_DIR:=~/.config/sops/age}"
+: "${AGE_KEYS_FILE:=~/.config/sops/age/keys.txt}"
+
+main() {
+  vr="$(expand_path "$VAULT_ROOT")"
+  kd="$(expand_path "$AGE_KEY_DIR")"
+  kf="$(expand_path "$AGE_KEYS_FILE")"
+
+  echo "[PLAN] $(date -Iseconds) secrets-vault (age+sops)"
+  echo "[PLAN] VAULT_ROOT: $vr"
+  echo "[PLAN] AGE_KEY_DIR: $kd"
+  echo "[PLAN] AGE_KEYS_FILE: $kf"
+  echo
+  echo "[PLAN] Will ensure age identity exists (keys.txt)."
+  echo "[PLAN] Will write vault/.sops.yaml and encrypted templates under vault/secrets/."
+  echo "[PLAN] Will NOT print secret plaintext."
+  echo
+  echo "[PLAN] Next: export DRY_RUN=0 && ./scripts/11_apply.sh"
+}
+main "$@"