indifferentketchup/boocode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: harden .dockerignore (secrets/, data/)

Browse Source 
The host-side docker-compose mounts secrets/ and data/ read-only at
runtime, but the build context still slurped them in. Add secrets/,
data/, and general SSH key patterns (*.pem, *.key, id_rsa*,
id_ed25519*, known_hosts, .ssh/) so private material can never be
baked into the image even by accident.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
indifferentketchup
2026-05-17 20:50:37 +00:00
parent 98b432ebce
commit 9a7b35b677
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.dockerignore
View File

@@ -10,3 +10,13 @@ dist
.vite .vite
coverage coverage
/tmp /tmp
# Secrets and runtime data
secrets/
data/
*.pem
*.key
id_rsa*
id_ed25519*
known_hosts
.ssh/