From 0f9aebf9c6696e71499cf82950bd5f45bd4bc895 Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Fri, 17 Apr 2026 12:50:08 -0400
Subject: [PATCH] Add defensive .gitignore patterns for secrets/keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Blocks .env, *.key, *.pem, id_rsa*, secrets.*, credentials.json, etc.
Preventive — no exposure found; future commits can't accidentally
leak these.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitignore | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.gitignore b/.gitignore
index e5a154c..004754c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,22 @@ shopdb_backup_*.sql
 # OS files
 .DS_Store
 Thumbs.db
+
+# Secrets and credentials (defensive)
+.env
+.env.*
+!.env.example
+!.env.*.example
+*.pem
+*.key
+id_rsa
+id_rsa.*
+*.ppk
+*.p12
+*.pfx
+secrets.json
+secrets.yaml
+secrets.yml
+*_secret
+*_secrets
+credentials.json