# Security & Secrets Policy
- **Do not commit secrets**: passwords, AWS access keys, tokens, private keys.
- Use **IAM roles** on EC2 instead of static access keys where possible.
- If you must use static keys locally, store them in `.env` and keep `.env` out of version control.
- Rotate any credentials that were ever pasted into docs or terminals.
- Review commits before pushing (e.g., `git log -p`, `git diff --staged`).
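As an added example (not part of the original policy), a small POSIX shell check that automates the "review before pushing" item above: it scans the added lines of the staged diff for a few assumed secret shapes (an AWS access key ID prefix, a PEM private key header, obvious `TOKEN=`/`PASSWORD=` assignments) and refuses if `.env` itself is staged. The pattern list is an assumption and will need tuning for your stack.

```shell
#!/bin/sh
# Added example, not part of the original policy. The regexes below are
# assumptions covering a few common secret shapes, not an exhaustive list.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(AWS_SECRET_ACCESS_KEY|PASSWORD|TOKEN)[[:space:]]*=[[:space:]]*[^[:space:]]+'

# scan_added_lines: read unified-diff text on stdin and inspect only the
# added ("+") lines, skipping the "+++ b/file" header. Prints any hit to
# stderr and returns 1 when something matched, 0 when the diff is clean.
scan_added_lines() {
    hits=$(grep -E '^[+]' | grep -Ev '^[+][+][+] ' | grep -E "$SECRET_PATTERNS" || true)
    if [ -n "$hits" ]; then
        printf 'Possible secret in staged changes:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# check_staged: the real pre-push check. Refuses if .env is staged at all,
# then runs the line scan over `git diff --staged`. Wire it into a
# pre-commit or pre-push hook, or run it by hand before pushing.
check_staged() {
    if git diff --staged --name-only | grep -qx '.env'; then
        echo '.env is staged; keep it out of version control' >&2
        return 1
    fi
    git diff --staged | scan_added_lines
}

# Constructed sample diff so the scan can be demonstrated without a repo.
# The key ID is the documented AWS example value, not a live credential.
SAMPLE_DIFF='diff --git a/config.py b/config.py
+++ b/config.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+REGION = "us-east-1"'
```

Running `printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines` reports the access key line and exits 1; a diff touching only `REGION` passes.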
If a secret was accidentally committed:
1. Rotate/revoke it in the provider immediately.
2. Purge it from history with `git filter-repo` or the GitHub/Gitea security tools.
3. Force-push a corrected history.