HelpNGO-Internal-Nextcloud/nextcloud-s3-gitea-starter/SECURITY.md

Security & Secrets Policy

• Do not commit secrets: passwords, AWS access keys, tokens, private keys.
• Use IAM roles on EC2 instead of static access keys where possible.
• If you must use static keys locally, store them in .env and keep .env out of version control.
• Rotate any credentials that were ever pasted into docs or terminals.
• Review commits before pushing (e.g., git log -p, git diff --staged).

If a secret was accidentally committed:

1. Rotate/revoke it in the provider immediately.
2. git filter-repo or GitHub/Gitea security tools to purge from history.
3. Force-push a corrected history.