The host-side docker-compose mounts secrets/ and data/ read-only at runtime, but the build context still slurped them in. Add secrets/, data/, and general SSH key patterns (*.pem, *.key, id_rsa*, id_ed25519*, known_hosts, .ssh/) so private material can never be baked into the image even by accident.
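A check for the change described above, as an added example that is not part of the commit or the project's code: it lists private-looking files that the ignore patterns would still let into the build context. It uses a simplified matcher (not Docker's implementation) that models `.dockerignore` patterns as anchored at the context root, where `*` does not cross `/` and `**/` is needed to reach nested files. The pattern list is taken from the commit message; the file listing and the `SENSITIVE` globs are constructed assumptions.

```python
import re
from fnmatch import fnmatch

# Patterns listed in the commit message, written as bare .dockerignore lines (constructed).
IGNORE_LINES = ["secrets/", "data/", "*.pem", "*.key", "id_rsa*",
                "id_ed25519*", "known_hosts", ".ssh/"]
# Basename globs treated as private material in this check (assumption).
SENSITIVE = ["*.pem", "*.key", "id_rsa*", "id_ed25519*", "known_hosts"]

def to_regex(pattern):
    """Translate one .dockerignore pattern: '*' and '?' stay within a path segment."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + r"(?:.*/)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + r".*", i + 2
        elif pattern[i] == "*":
            out, i = out + r"[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + r"[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)

def is_ignored(path, lines):
    """Last matching rule wins; a rule matching a parent directory covers the path."""
    parts = path.split("/")
    prefixes = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    ignored = False
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        rx = to_regex(line.lstrip("!").strip("/"))
        if any(rx.fullmatch(p) for p in prefixes):
            ignored = not negated
    return ignored

def leaked(paths, lines):
    """Sensitive-looking files that would still be sent in the build context."""
    return [p for p in paths if not is_ignored(p, lines)
            and any(fnmatch(p.rsplit("/", 1)[-1], g) for g in SENSITIVE)]

# Constructed file listing for a build context.
PATHS = ["secrets/api.key", "data/app.db", "server.pem", ".ssh/id_ed25519",
         "certs/server.pem", "deploy/id_rsa", "app/main.py"]

if __name__ == "__main__":
    print(leaked(PATHS, IGNORE_LINES))
    print(leaked(PATHS, IGNORE_LINES + ["**/*.pem", "**/id_rsa*"]))
```

Under these assumptions, key files nested below the context root need the `**/` form of each pattern to be excluded.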