Enhanced .gitignore to protect:
- Configuration files with secrets (config.yaml, .env files)
- Mastodon credential files (*_clientcred.secret, *_usercred.secret)
- API keys and tokens (*.key, *.token, *.pem, credentials.json)
- Database files (may contain user data)
- Backup files (may contain sensitive data)
- LLM API key directories (.llm/, .openai/, .anthropic/)

Added SECURITY.md documentation covering:
- Where secrets are stored
- What is/isn't committed to git
- Best practices for credential management
- Production secret management options
- What to do if secrets are accidentally committed
- Pre-commit hook examples
- Security audit checklist

Verified all patterns with test suite - all sensitive files properly ignored.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
82 lines
870 B
Plaintext
# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# Virtual environments
venv/
env/
ENV/

# IDEs
.vscode/
.idea/
*.swp
*.swo
*~

# Configuration with secrets
config/config.yaml
config/config.local.yaml
.env
.env.local
.env.*.local

# Mastodon credentials
*_clientcred.secret
*_usercred.secret
govbot_clientcred.secret
govbot_usercred.secret

# API keys and tokens
*.key
*.token
*.pem
credentials.json
secrets.json
api_keys.json

# Database (contains governance data)
*.db
*.sqlite
*.sqlite3

# Backups (may contain sensitive data)
*.backup
*.bak

# Logs (may contain tokens in debug output)
*.log

# AI/LLM (API keys stored here)
.llm/
embeddings/
.openai/
.anthropic/

# Testing
.pytest_cache/
.coverage
htmlcov/

# OS
.DS_Store
Thumbs.db
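An added example, not part of this repository or its test suite: it checks file names against the secret-related patterns from the .gitignore above using git's own matcher, `git check-ignore`. The file names tested are constructed, and only a subset of the patterns is copied in.

```shell
#!/bin/sh
# Added example (not the repository's test suite).
# is_ignored PATH: exit 0 if git would ignore PATH under the patterns below,
# 1 if it would not, 2 if the scratch repository could not be set up.
is_ignored() {
    repo=$(mktemp -d) || return 2
    git init -q "$repo" >/dev/null 2>&1 || { rm -rf "$repo"; return 2; }
    # Secret-related patterns copied from the .gitignore above (a subset).
    cat > "$repo/.gitignore" <<'EOF'
config/config.yaml
config/config.local.yaml
.env
.env.local
.env.*.local
*_clientcred.secret
*_usercred.secret
*.key
*.token
*.pem
credentials.json
secrets.json
api_keys.json
EOF
    rc=0
    # check-ignore matches on the path string; the file need not exist.
    git -C "$repo" check-ignore -q -- "$1" || rc=$?
    rm -rf "$repo"
    return "$rc"
}

# Constructed sample names. The last three are near-misses: plausible
# secret-bearing files that none of the patterns match.
for p in .env .env.staging.local config/config.yaml govbot_usercred.secret \
         deploy/tls/server.pem \
         .env.production config/config.prod.yaml service-account.json
do
    if is_ignored "$p"; then
        echo "ignored      $p"
    else
        echo "NOT ignored  $p"
    fi
done
```

A path reported as ignored can still be committed if it was tracked before the pattern was added; `git ls-files -ci --exclude-standard` lists tracked files that match the ignore rules.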