
chore: add security .gitignore entries#7

Open
starlightretailceo wants to merge 1 commit into main from security/gitignore-hardening

Conversation

@starlightretailceo

Adds org-wide .gitignore entries for secrets, credentials, keys, and other sensitive files per Starlight Retail security policy.


@amazon-q-developer (bot) left a comment


Review Summary

This PR adds important security-focused .gitignore patterns but contains critical issues that must be addressed before merge:

Critical Issues Found:

  1. Duplicate entries: .env (lines 1 & 15) and .idea/ (lines 6 & 36) are redundantly defined
  2. Overly broad wildcards: The patterns *credentials* and *secret* will unintentionally exclude legitimate source code files (e.g., UserCredentialsService.py, secret_manager.py), breaking the codebase

Required Actions:

  • Remove duplicate .env and .idea/ entries
  • Replace broad wildcard patterns with specific file extensions to prevent excluding application code

These issues will cause incorrect repository behavior and must be fixed before merging.



Comment on lines +24 to +25
*credentials*
*secret*


🛑 Security Vulnerability: Overly broad wildcard patterns will cause unintended file exclusions. Patterns like *credentials* and *secret* will match legitimate source files (e.g., UserCredentialsService.py, secret_manager.py, api_credentials_test.py), preventing them from being committed to the repository. This breaks the codebase by excluding necessary application code.

Suggested change
-*credentials*
-*secret*
+credentials.json
+credentials.txt
+credentials.yml
+credentials.yaml
+secrets.json
+secrets.txt
+secrets.yml
+secrets.yaml

samconfig.toml

# IDE workspace files (may contain tokens/keys)
.idea/


🛑 Logic Error: Duplicate entry. The pattern .idea/ is already defined on line 6. Remove this duplicate to avoid redundant configuration.

Suggested change
-.idea/
+# .idea/ already covered by line 6

# =============================================================================

# Environment files
.env


🛑 Logic Error: Duplicate entry. The pattern .env is already defined on line 1. Remove this duplicate to avoid confusion and maintain clean configuration.

Suggested change
-.env
+# .env already covered by line 1
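The two questions raised in the review above, what the `*credentials*` / `*secret*` wildcards really match and whether the suggested fixed file names cover the same ground, can be settled by asking git rather than by reading the patterns. The script below is an added example; it is not part of the PR and not the reviewer's code. The `.gitignore` it builds contains only the entries quoted in the review, the sample file names are constructed for the demo (the three from the bot comment plus a few that probe the gaps), and the function names `check_ignored` and `tracked_but_ignored` are chosen here. It needs a working `git` on the PATH and nothing else.

```shell
#!/bin/sh
# Added example, not part of the PR: build a throwaway repo and let git
# itself report which sample paths each set of ignore rules would catch.
set -e

# Patterns as submitted in the PR (only the entries quoted in the review;
# the order here is for the demo and is not the PR's line order).
PR_PATTERNS='.env
.idea/
*credentials*
*secret*
samconfig.toml'

# The same list with the reviewer's suggested replacement for the two
# wildcard lines.
SUGGESTED_PATTERNS='.env
.idea/
credentials.json
credentials.txt
credentials.yml
credentials.yaml
secrets.json
secrets.txt
secrets.yml
secrets.yaml
samconfig.toml'

# check_ignored PATTERNS PATH...: prints "pattern<TAB>path" for each PATH
# that git would ignore under PATTERNS (a newline-separated .gitignore
# body); paths that are not ignored produce no line.  core.ignorecase is
# pinned to false so the answer does not depend on the host filesystem,
# and the global excludes file is disabled so only PATTERNS is consulted.
check_ignored() {
    patterns=$1; shift
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config core.ignorecase false
    git -C "$repo" config core.excludesFile /dev/null
    printf '%s\n' "$patterns" > "$repo/.gitignore"
    # check-ignore -v prints "<file>:<line>:<pattern><TAB><path>" and exits 1
    # when nothing matched; strip the file:line prefix and keep going.
    ( cd "$repo" && printf '%s\n' "$@" | git check-ignore -v --stdin ) \
        | awk -F'\t' '{ sub(/^[^:]*:[0-9]+:/, "", $1); print $1 "\t" $2 }' || true
    rm -rf "$repo"
}

# tracked_but_ignored: shows the limit of any .gitignore.  A file that is
# already tracked, or force-added with `git add -f`, keeps being committed
# whatever the rules say.  Prints the tracked paths the rules would ignore,
# which is the audit to run after tightening a .gitignore.
tracked_but_ignored() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config core.excludesFile /dev/null
    printf '%s\n' '.env' '*secret*' > "$repo/.gitignore"
    # Constructed dummy content, not a real credential.
    printf 'API_KEY=constructed-dummy-value\n' > "$repo/.env"
    git -C "$repo" add -f .env
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m 'add env file' >/dev/null
    git -C "$repo" ls-files -ci --exclude-standard
    rm -rf "$repo"
}

# Sample paths, constructed for the demo: the three names from the bot
# comment plus a few that probe the gaps in each rule set.
SAMPLE_PATHS='UserCredentialsService.py secret_manager.py api_credentials_test.py
config/secrets.yaml config/app_secrets.json aws_credentials.csv .env .env.local README.md'

echo '== ignored under the PR patterns =='
check_ignored "$PR_PATTERNS" $SAMPLE_PATHS
echo '== ignored under the suggested patterns =='
check_ignored "$SUGGESTED_PATTERNS" $SAMPLE_PATHS
echo '== tracked files the rules would otherwise ignore =='
tracked_but_ignored
```

With `core.ignorecase` pinned to false (git's default on a case-sensitive filesystem), the PR's wildcards ignore `secret_manager.py`, `api_credentials_test.py`, `config/app_secrets.json` and `aws_credentials.csv`, but not `UserCredentialsService.py`, because `*credentials*` is matched case-sensitively and the capital C breaks the match; on a case-insensitive filesystem, where `git init` sets `core.ignorecase=true`, all three names from the bot comment are ignored. The suggested fixed-name list only catches `config/secrets.yaml` and `.env` from the same sample, so `config/app_secrets.json` and `aws_credentials.csv` would be committable again, and neither list matches `.env.local`, since a bare `.env` entry matches that exact name only. `tracked_but_ignored` shows the part no pattern can fix: a file that was force-added or tracked before the rule existed stays in the repository, and `git ls-files -ci --exclude-standard` is the command to find such files before relying on the new entries.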

