mirror of
https://github.com/MODSetter/SurfSense.git
synced 2025-09-01 18:19:08 +00:00
22 lines
No EOL
771 B
Text
22 lines
No EOL
771 B
Text
```yaml
|
|
name: no-env-files-in-repo
|
|
description: Prevent committing environment and configuration files containing sensitive credentials
|
|
globs: ['**/.env', '**/.env.*', '**/config/*.yml', '**/config/*.yaml']
|
|
alwaysApply: true
|
|
```
|
|
|
|
Configuration files like `.env` should never be committed to version control as they often contain sensitive information like API keys, passwords, and tokens.
|
|
|
|
❌ Bad - Committing .env files:
|
|
```
|
|
POSTGRES_DATABASE_URL=postgresql+psycopg2://user:password@localhost:5432/db
|
|
API_KEY=sk-1234567890abcdef
|
|
```
|
|
|
|
✅ Good - Use .env.example instead:
|
|
```
|
|
POSTGRES_DATABASE_URL=postgresql+psycopg2://user:password@host:5432/dbname
|
|
API_KEY=your-api-key-here
|
|
```
|
|
|
|
Add `.env` and similar config files to .gitignore and provide example templates instead. |