Add defensive .gitignore patterns for secrets/keys

Blocks .env, *.key, *.pem, id_rsa*, secrets.*, credentials.json, etc. Preventive — no exposure found; future commits can't accidentally leak these. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 12:50:12 -04:00
parent eca9ee2b36
commit 719a550be8
1 changed files with 19 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,22 @@ enrollment/
 drivers-staging/
 bios-staging/
 .claude/
+
+# Secrets and credentials (defensive)
+.env
+.env.*
+!.env.example
+!.env.*.example
+*.pem
+*.key
+id_rsa
+id_rsa.*
+*.ppk
+*.p12
+*.pfx
+secrets.json
+secrets.yaml
+secrets.yml
+*_secret
+*_secrets
+credentials.json