2025-08-12 21:23:01 +08:00

Security & Secrets Policy

  • Do not commit secrets: passwords, AWS access keys, tokens, private keys.
  • Use IAM roles on EC2 instead of static access keys where possible.
  • If you must use static keys locally, store them in .env and keep .env out of version control.
  • Rotate any credentials that were ever pasted into docs or terminals.
  • Review commits before pushing (e.g., git log -p, git diff --staged).
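As an added example, not part of this policy file, the "review before pushing" bullet can be done mechanically: the shell function below reads a unified diff (from a file or stdin), keeps only the added lines, and fails when one of them looks like an AWS access key ID, a PEM private key block, or a `password=`/`token:` style assignment. The two sample diffs are constructed for the demonstration; the key in the first is AWS's documented example value, and the patterns assume only `grep -E`.

```bash
#!/usr/bin/env bash
# Added example: scan a diff for secret-looking strings before it is committed or pushed.
# Not part of the policy file; assumes a POSIX shell with grep -E.

# Patterns are deliberately simple; extend them for your environment.
# AKIA followed by 16 uppercase alphanumerics is the documented shape of an AWS access key ID.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----|(password|passwd|secret|token)[[:space:]]*[=:][[:space:]]*[^[:space:]]+'

# scan_diff: reads a unified diff from the file named in $1 (or stdin) and
# inspects only added lines ('+...' but not the '+++ b/file' header).
# Returns 0 when nothing matched, 1 when a possible secret was found.
scan_diff() {
    local findings
    findings=$(grep -E '^\+[^+]' "${1:-/dev/stdin}" | grep -Ei "$SECRET_PATTERNS" || true)
    if [ -n "$findings" ]; then
        printf 'Possible secrets in added lines:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Constructed sample diff that should be blocked (the key is AWS's documented example ID).
SAMPLE_DIRTY='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 import os
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
 REGION = "us-east-1"'

# Constructed sample diff that should pass: the value comes from the environment, not the repo.
SAMPLE_CLEAN='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
-import os
+import os, sys
+REGION = os.environ["AWS_REGION"]'

# Demonstration on the constructed samples; the dirty one prints its finding to stderr.
printf '%s\n' "$SAMPLE_CLEAN" | scan_diff && echo "clean diff: ok"
printf '%s\n' "$SAMPLE_DIRTY" | scan_diff || echo "dirty diff: blocked (exit 1)"
```

To use it on real changes, pipe the staged diff through the function (`git diff --staged | scan_diff`) or call it from a `.git/hooks/pre-commit` script so the commit is refused while the secret is still local and has not yet reached the remote.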

If a secret was accidentally committed:

  1. Rotate/revoke it in the provider immediately.
  2. Use git filter-repo or the GitHub/Gitea security tools to purge it from history.
  3. Force-push the corrected history and have collaborators re-clone, since their existing local clones still contain the old commits.