indifferentketchup
9a7b35b677
The host-side docker-compose mounts secrets/ and data/ read-only at runtime, but the build context still slurped them in. Add secrets/, data/, and general SSH key patterns (*.pem, *.key, id_rsa*, id_ed25519*, known_hosts, .ssh/) so private material can never be baked into the image even by accident. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
23 lines
192 B
Plaintext
23 lines
192 B
Plaintext
node_modules
|
|
**/node_modules
|
|
dist
|
|
**/dist
|
|
.env
|
|
.git
|
|
.gitignore
|
|
.DS_Store
|
|
*.log
|
|
.vite
|
|
coverage
|
|
/tmp
|
|
|
|
# Secrets and runtime data
|
|
secrets/
|
|
data/
|
|
*.pem
|
|
*.key
|
|
id_rsa*
|
|
id_ed25519*
|
|
known_hosts
|
|
.ssh/
|