From 7b3f87f24a4f7955027dec2c1b9cb36d5c870fcc Mon Sep 17 00:00:00 2001
From: Mammon Baloch <154027819+starlightretailceo@users.noreply.github.com>
Date: Fri, 13 Feb 2026 18:49:27 -0800
Subject: [PATCH] chore: add security .gitignore entries

---
 .gitignore | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1f22c12
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,41 @@
+# Security — secrets & credentials (org-wide)
+# =============================================================================
+# Secrets & Credentials — Apply org-wide
+# =============================================================================
+
+# Environment files
+.env
+.env.*
+!.env.example.template
+
+# Private keys & certificates
+*.pem
+*.key
+
+# Credential / secret files (broad patterns)
+*credentials*
+*secret*
+
+# AWS-specific
+aws-credentials.env
+awsenv.local
+
+# Deployment configs containing secrets
+.env.deploy
+samconfig.toml
+
+# IDE workspace files (may contain tokens/keys)
+.idea/
+.idea/workspace.xml
+
+# Terraform state (contains sensitive outputs)
+*.tfstate
+*.tfstate.backup
+.terraform/
+
+# Docker env overrides
+docker-compose.override.yml
+
+# OS artifacts
+.DS_Store
+Thumbs.db
\ No newline at end of file