Best Claude Code Plugins for DevOps Engineers in 2026

Claude Code plugins add specialized capabilities to your AI coding assistant. For DevOps engineers, the right plugins can validate Terraform configurations, troubleshoot Kubernetes clusters, scan for security vulnerabilities, and optimize CI/CD pipelines directly from your terminal.

This guide covers every plugin worth knowing about for DevOps work, organized by category, with installation commands and practical examples.

TLDR

• Context7 and Security Guidance are the foundation - install these first
• HashiCorp Agent Skills add Terraform and Packer expertise
• DevOps Skills Marketplace has specialized tools for Kubernetes, CI/CD, monitoring, and FinOps
• Shipyard handles infrastructure validation across Terraform, Ansible, Docker, and Kubernetes
• GitHub plugin streamlines multi-repo PR and CI/CD management

Prerequisites

• Claude Code CLI installed (claude --version to verify)
• Basic familiarity with Claude Code commands
• Active infrastructure or DevOps projects

How to Install Plugins

# Install from the official marketplace
claude plugin install context7

# Add a community marketplace
claude plugin marketplace add devops-claude-skills

# Install a skill from a marketplace
claude plugin install iac-terraform@devops-skills

# List installed plugins
claude plugin list

Foundation Plugins

Context7 - Live Documentation Lookup

Install: claude plugin install context7

Context7 pulls current API documentation and code examples from source repositories in real time. Instead of relying on training data that might be months old, Claude checks the actual docs before generating code.

This matters for DevOps because tooling changes fast. Terraform provider arguments get deprecated between minor versions. Kubernetes API versions evolve. Helm chart values change across releases. Without live docs, you end up debugging code that worked six months ago but fails today.

Example: You ask Claude to write a Terraform module for an AWS ECS Fargate service. Without Context7, it might use the launch_type argument that was replaced by capacity_provider_strategy in recent versions. With Context7, it checks the current AWS provider docs and generates the correct configuration.

# Context7 automatically activates when Claude generates code
> Write a Terraform module for an AWS ECS Fargate service with auto-scaling

# Claude looks up current aws_ecs_service, aws_ecs_task_definition,
# and aws_appautoscaling_target resources from the provider docs

Security Guidance - Infrastructure Security Scanning

Install: claude plugin install security-guidance

Security Guidance scans your code for OWASP Top 10 vulnerabilities, authentication flaws, injection risks, hardcoded secrets, and insecure configurations. For DevOps, this catches issues in API routes, webhook handlers, deployment configs, and infrastructure code.

Example: Running a security scan on a production API:

Issues found:
- Dockerfile: Running as root user (use non-root USER directive)
- terraform/main.tf: S3 bucket missing encryption configuration
- src/api/webhook.ts: No signature verification on incoming webhooks
- .env.example: Default secrets that could be committed accidentally
- nginx.conf: Missing security headers (HSTS, CSP, X-Frame-Options)

These are the kinds of issues that slip through code review but get caught in a security incident.

GitHub - Repository and CI/CD Management

Install: claude plugin install github

The GitHub plugin adds direct integration with pull requests, issues, code search, and CI/CD workflows. While you can achieve similar results with the gh CLI, the plugin provides a more structured interface for managing multiple repositories.

Useful for:

• Creating PRs across multiple repos in one session
• Searching code patterns across your organization
• Checking CI/CD workflow status and debugging failures
• Managing issue backlogs with labels and milestones

# Check failing CI workflow and suggest fixes
> Why is the deploy workflow failing on the main branch?

# Claude uses the GitHub plugin to fetch workflow logs,
# identify the failing step, and suggest a fix

Code Review - Automated PR Review

Install: claude plugin install code-review

The Code Review plugin runs structured reviews covering bugs, security issues, performance problems, and style inconsistencies. It outputs findings in a consistent format with severity levels.

Useful for:

• Reviewing infrastructure changes before merging (Terraform plans, Kubernetes manifests)
• Catching security issues in Dockerfiles and CI configs
• Ensuring consistency across Helm values files and environment configs
• Getting a second opinion on complex refactors

HashiCorp Agent Skills

HashiCorp maintains official Claude Code skills for Terraform and Packer. These are not generic plugins - they encode HashiCorp's best practices, naming conventions, and testing frameworks.

# Add the HashiCorp skills marketplace
claude plugin marketplace add hashicorp/agent-skills

Terraform Skills

Install individually:

claude plugin install terraform-style@hashicorp       # Style conventions
claude plugin install terraform-testing@hashicorp      # Testing frameworks
claude plugin install terraform-stacks@hashicorp       # Stacks orchestration
claude plugin install terraform-providers@hashicorp    # Provider development
claude plugin install terraform-refactoring@hashicorp  # Module refactoring

These skills teach Claude how to write Terraform code the way HashiCorp recommends:

• Style conventions enforce naming patterns, file organization, and documentation standards
• Testing generates terraform test configurations and validation rules
• Stacks helps orchestrate multi-layer infrastructure deployments
• Provider development assists in building custom Terraform providers in Go
• Refactoring breaks monolithic configurations into reusable modules

Example: You ask Claude to refactor a 500-line main.tf into modules. The refactoring skill guides the process: identifying resource groups, extracting variables, setting up module interfaces, and maintaining state compatibility.

> Refactor this Terraform configuration into reusable modules

# With the terraform-refactoring skill, Claude:
# 1. Identifies logical resource groups (networking, compute, database)
# 2. Creates module directories with proper file structure
# 3. Extracts variables and outputs for each module
# 4. Updates the root module to call the new modules
# 5. Generates moved blocks for state migration

Packer Skills

claude plugin install packer-aws@hashicorp        # AWS image building
claude plugin install packer-azure@hashicorp       # Azure image building
claude plugin install packer-windows@hashicorp     # Windows images
claude plugin install packer-hcp@hashicorp         # HCP Packer integration

These cover machine image building across cloud providers:

• Platform-specific builder configurations and provisioners
• HCP Packer integration for image lifecycle management
• Multi-platform build templates

DevOps Skills Marketplace

A community-maintained collection of specialized DevOps skills. Each one focuses on a specific domain.

# Add the marketplace
claude plugin marketplace add devops-claude-skills

Terraform and IaC

Install: claude plugin install iac-terraform@devops-skills

Goes beyond the HashiCorp skills with Terragrunt support, state management workflows, and multi-environment patterns.

Covers:

• Terraform and Terragrunt configuration authoring
• State inspection and migration strategies
• Module development with versioning
• Multi-environment workspace patterns (dev/staging/prod)

Kubernetes Troubleshooter

Install: claude plugin install k8s-troubleshooter@devops-skills

A diagnostic toolkit for Kubernetes problems. Instead of generic Kubernetes knowledge, this skill includes structured troubleshooting playbooks.

Covers:

• Cluster health checks (node status, resource pressure, component health)
• Pod diagnostics (CrashLoopBackOff, OOMKilled, ImagePullBackOff)
• Networking issues (service connectivity, DNS resolution, ingress routing)
• Resource quota and limit analysis
• Incident response playbooks

Example:

> My pods keep getting OOMKilled in the production namespace

# The k8s-troubleshooter skill:
# 1. Checks current resource requests and limits
# 2. Analyzes actual memory usage vs limits
# 3. Reviews the application's memory profile
# 4. Suggests right-sized limits based on usage patterns
# 5. Generates the updated deployment manifest

CI/CD Pipeline Optimization

Install: claude plugin install ci-cd@devops-skills

Covers pipeline design, performance optimization, security hardening, and debugging across multiple CI/CD platforms.

Covers:

• GitHub Actions, GitLab CI, Jenkins, CircleCI workflows
• Pipeline performance optimization (caching, parallelization, conditional jobs)
• Security hardening (secret management, OIDC authentication, dependency scanning)
• Debugging failed pipelines with structured analysis

Example:

> My GitHub Actions deploy workflow takes 12 minutes. Help me speed it up.

# The ci-cd skill analyzes the workflow file and suggests:
# - Docker layer caching for build steps
# - Parallel test execution
# - Conditional deployment (skip if only docs changed)
# - Artifact caching between jobs

GitOps Workflows

Install: claude plugin install gitops-workflows@devops-skills

Production-ready templates for ArgoCD and Flux CD, including modern secrets management.

Covers:

• ArgoCD Application and ApplicationSet configurations
• Flux CD GitRepository, Kustomization, and HelmRelease resources
• Secrets management with SOPS, Sealed Secrets, and External Secrets Operator
• Multi-cluster deployment patterns
• Progressive delivery with Argo Rollouts and Flagger

Monitoring and Observability

Install: claude plugin install monitoring-observability@devops-skills

Everything related to metrics, tracing, alerting, and SLO management.

Covers:

• Prometheus configuration, recording rules, and alerting rules
• Grafana dashboard creation and templating
• Distributed tracing with OpenTelemetry, Jaeger, and Zipkin
• SLO definition and error budget calculations
• Alert routing and escalation policies
• Datadog, New Relic, and CloudWatch integration patterns

AWS Cost Optimization

Install: claude plugin install aws-cost-optimization@devops-skills

FinOps workflows for identifying waste and optimizing cloud spend.

Covers:

• Automated analysis scripts for unused resources
• Right-sizing recommendations for EC2, RDS, and ECS
• Reserved Instance and Savings Plan analysis
• Cost allocation tag strategies
• Budget alerts and anomaly detection

Infrastructure Validation with Shipyard

Install: claude plugin install shipyard

Shipyard is an enterprise-grade infrastructure validation plugin that covers multiple IaC tools in one package.

What it validates:

• Terraform configurations (syntax, best practices, security)
• Ansible playbooks (lint, idempotency, security)
• Docker images and Dockerfiles (security scanning, layer optimization)
• Kubernetes manifests (resource limits, security contexts, network policies)
• CloudFormation templates (syntax, drift detection)

It includes a dedicated security auditor agent that runs focused scans on infrastructure code.

> Validate my Terraform configuration for security issues

# Shipyard checks for:
# - Overly permissive IAM policies
# - Unencrypted storage resources
# - Public network access where private is expected
# - Missing logging and monitoring
# - Non-compliant resource configurations

Community Plugin: Terraform Skill by Anton Babenko

Install: claude plugin install https://github.com/antonbabenko/terraform-skill

Created by Anton Babenko (author of terraform-aws-modules, the most popular Terraform module collection), this skill brings deep Terraform and OpenTofu expertise.

Covers:

• Module design patterns from terraform-aws-modules
• AWS architecture best practices
• Cost-aware infrastructure design
• Migration from Terraform to OpenTofu

Recommended Setup by Role

Platform Engineer

claude plugin install context7
claude plugin install security-guidance
claude plugin install shipyard
claude plugin marketplace add hashicorp/agent-skills
claude plugin install terraform-style@hashicorp
claude plugin install terraform-testing@hashicorp
claude plugin install terraform-refactoring@hashicorp

SRE / Operations

claude plugin install context7
claude plugin install security-guidance
claude plugin marketplace add devops-claude-skills
claude plugin install k8s-troubleshooter@devops-skills
claude plugin install monitoring-observability@devops-skills
claude plugin install ci-cd@devops-skills

Cloud/FinOps Engineer

claude plugin install context7
claude plugin install security-guidance
claude plugin marketplace add devops-claude-skills
claude plugin install aws-cost-optimization@devops-skills
claude plugin install iac-terraform@devops-skills

DevOps Generalist

claude plugin install context7
claude plugin install security-guidance
claude plugin install github
claude plugin marketplace add devops-claude-skills
claude plugin install iac-terraform@devops-skills
claude plugin install k8s-troubleshooter@devops-skills
claude plugin install ci-cd@devops-skills

Summary

The Claude Code plugin ecosystem now has serious depth for DevOps work. The foundation is Context7 for live documentation and Security Guidance for vulnerability scanning. On top of that, the HashiCorp Agent Skills bring official Terraform and Packer expertise, the DevOps Skills Marketplace covers Kubernetes, CI/CD, monitoring, and FinOps, and Shipyard handles cross-tool infrastructure validation.

Start with the foundation plugins, then add the role-specific ones that match your daily work. Each plugin you install makes Claude Code more capable at the infrastructure and operations tasks you handle every day.