STARLIGHTRETAIL · starlightretailceo · Feb 22, 2026 · Feb 14, 2026 · amazon-q-developer · Feb 14, 2026
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,41 @@
+# Security — secrets & credentials (org-wide)
+# =============================================================================
+# Secrets & Credentials — Apply org-wide
+# =============================================================================
+
+# Environment files
+.env
+.env.*
+!.env.example.template
+
+# Private keys & certificates
+*.pem
+*.key
+
+# Credential / secret files (broad patterns)
+*credentials*
+*secret*
-*credentials*
-*secret*
+**/credentials.*
+**/secrets.*
+**/.credentials
+**/.secrets
-*credentials*
-*secret*
+**/credentials.*
+**/secrets.*
+**/.credentials
+**/.secrets
+
+# AWS-specific
+aws-credentials.env
+awsenv.local
+
+# Deployment configs containing secrets
+.env.deploy
+samconfig.toml
+
+# IDE workspace files (may contain tokens/keys)
+.idea/
+.idea/workspace.xml
-.idea/
-.idea/workspace.xml
+.idea/
-.idea/
-.idea/workspace.xml
+.idea/
+
+# Terraform state (contains sensitive outputs)
+*.tfstate
+*.tfstate.backup
+.terraform/
+
+# Docker env overrides
+docker-compose.override.yml
+
+# OS artifacts
+.DS_Store
+Thumbs.db
-Thumbs.db
+Thumbs.db
+
-Thumbs.db
+Thumbs.db
+