This document outlines security best practices and procedures to prevent sensitive information from being committed to the repository.
The following must never be committed:

- `.env` files (environment variables with secrets)
- SSL certificates (`.pem`, `.crt`, `.key`, `.pfx`, `.p12`)
- Kubernetes secrets (`secrets.yaml`)
- API keys and tokens
- Database credentials
- Private keys and certificates
Files that are safe to commit:

- `.env.template` (template without real values)
- `k8s/secrets.template.yaml` (template without real secrets)
- Configuration examples with placeholder values
Protections in place:

- Comprehensive patterns for sensitive file types
- Multiple layers of protection
- Regular expressions for secret detection
- Automatic blocking of commits that contain sensitive files
- Scanning of file names and content for secrets
- Manual override required for suspicious content
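An added example of such a check, not the repository's own hook: a POSIX sh `pre-commit` script that refuses staged paths matching the sensitive-file patterns above (while allowing the `.template` files), scans each staged blob for private-key headers and `password`/`secret`/`token`-style assignments with placeholder values skipped, and treats `SKIP_SECRET_SCAN=1` as the manual override. The hook layout, the environment variable name and the regular expressions are assumptions, not taken from the repository.

```shell
#!/bin/sh
# Added example pre-commit hook (not the repository's own). Install as
# .git/hooks/pre-commit. Blocks the commit if a staged path looks like a
# sensitive file or a staged line looks like a secret; SKIP_SECRET_SCAN=1
# is the manual override after a reviewer has confirmed a false positive.

# 0 = sensitive path, 1 = allowed. Template files (.template) are allowed.
is_sensitive_path() {
    case "$1" in
        *.template|*.template.*) return 1 ;;
        .env|*/.env|.env.*|*/.env.*) return 0 ;;
        *.pem|*.crt|*.key|*.pfx|*.p12) return 0 ;;
        secrets.yaml|*/secrets.yaml|secrets.yml|*/secrets.yml) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 = the line looks like a real secret, 1 = clean or a placeholder value.
has_secret() {
    printf '%s\n' "$1" | grep -Eiq '(changeme|replace_?me|your[_-]|placeholder|<[^>]+>)' && return 1
    printf '%s\n' "$1" | grep -Eiq \
        -e '-----BEGIN( [A-Z]+)? PRIVATE KEY-----' \
        -e "(password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9/+_=.-]{8,}"
}

# Reads staged paths on stdin (one per line); reports every hit, returns 1 on any.
scan_staged() {
    status=0
    while IFS= read -r f; do
        if is_sensitive_path "$f"; then
            echo "BLOCKED: sensitive file staged: $f" >&2
            status=1
            continue
        fi
        # Scan the staged blob (":path"), not the working copy, line by line.
        git show ":$f" | while IFS= read -r line; do
            has_secret "$line" && { echo "BLOCKED: possible secret in $f" >&2; exit 1; }
        done || status=1
    done
    return "$status"
}

main() {
    [ "${SKIP_SECRET_SCAN:-0}" = 1 ] && return 0
    git diff --cached --name-only --diff-filter=ACM | scan_staged
}

# Only run the scan when invoked by git as the pre-commit hook.
case "${0##*/}" in pre-commit) main ;; esac
```

Paths with whitespace are not handled by the line-oriented loop; a hook for such a repository would need `-z` output and NUL-separated reads.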
Template files:

- `.env.template`: safe environment template
- `k8s/secrets.template.yaml`: safe Kubernetes secrets template
Setup:

```bash
git clone <repository-url>
cd game-app-laptop-demo
cp .env.template .env
# Edit .env with your actual values
cp k8s/secrets.template.yaml k8s/secrets.yaml
# Edit with base64 encoded values
git status
# Should NOT show .env or secrets.yaml files
```

Before committing, check that:

- No `.env` files are in staging
- No SSL certificates (`.pem`, `.crt`, `.key`) are staged
- No `secrets.yaml` files are staged
- No hardcoded passwords or API keys are present
- Template files are properly named (`.template`)
- `git status` has been run to verify
Emergency procedure if secrets have been committed:

- IMMEDIATELY revoke the exposed credentials
- Remove the files from git history:

  ```bash
  git filter-branch --force --index-filter \
    'git rm --cached --ignore-unmatch <file>' \
    --prune-empty --tag-name-filter cat -- --all
  ```

- Force push to the remote:

  ```bash
  git push origin --force --all
  ```

- Notify team members to reset their local repos
If a commit is blocked because sensitive files were detected:

- Review the detected sensitive files
- Remove them from staging:

  ```bash
  git restore --staged <file>
  ```

- Add them to `.gitignore` if needed
- Retry the commit
If you discover a security issue:
- DO NOT commit the fix to the repository
- Contact the security team immediately
- Follow the emergency procedures above
Remember: Security is everyone's responsibility. When in doubt, ask before committing!