ibnezzoubayr/Atay-Makhzan-Ops

Files

T

ibnezzoubayr f6ba9ab02d chore: bootstrap Atay Makhzan ops repo

2026-06-19 15:35:48 +01:00

997 B

Raw Permalink Blame History

Security Policy

This repository is public. Treat it as documentation and reproducible operations code, not as a secret store.

Never commit

Real .env files
Gitea app.ini secrets
Database passwords
SMTP credentials
OAuth secrets
SSH private keys
API tokens
Gitea dump archives
PostgreSQL dump files
TLS private keys
Full production logs containing sensitive data

Safe to commit

.env.example with placeholders
Docker Compose templates with variable references
Nginx templates without private keys
Runbooks
Scripts that read secrets from the environment
Architecture records

If a secret is committed

Rotate the secret immediately.
Remove it from current files.
Rewrite public Git history only if the exposure is severe and worth the operational risk.
Assume the secret was copied by someone else.

Operational rule

For production maintenance, create backups before upgrades and verify both web and SSH Git paths after changes.