Skip to content

security: add .gitignore to prevent secret leaks#1

Open
nradawg wants to merge 1 commit into
mainfrom
claude/sec-20260424-122349
Open

security: add .gitignore to prevent secret leaks#1
nradawg wants to merge 1 commit into
mainfrom
claude/sec-20260424-122349

Conversation

@nradawg

@nradawg nradawg commented Apr 24, 2026

Copy link
Copy Markdown
Owner

Risk

This is a public repository with no .gitignore. Without one, any .env, key file, or credential in the working directory can be committed accidentally. Once pushed to a public repo, secrets are considered permanently compromised — they remain in git history forever.

Fix

Adds a standard .gitignore covering .env variants, key/cert files, Node build artifacts, logs, and editor folders.

Important follow-up

This PR prevents future leaks only. If any secrets have already been committed, they must be rotated at the source — deleting them in a new commit does not purge them from git history.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant