
fix: add org baseline secret patterns to .gitignore#212

Open
don-petry wants to merge 2 commits into main from claude/issue-172-20260419-2033

Conversation

don-petry (Collaborator) commented Apr 19, 2026

Summary

  • Copies the petry-projects org secrets baseline verbatim into .gitignore, adding the required *.pem and *.key patterns per the push-protection standard
  • Preserves repo-specific entries (node_modules/, coverage/, test-results/, playwright-report/) in a dedicated section at the top
  • Removes the standalone .env entry since it's already covered by the baseline's dotenv section

Closes #172

Test plan

  • Only .gitignore is changed — no code logic affected, no test failures expected
  • Verify *.pem and *.key patterns are present in the updated file
  • CI should pass (no source code changes)

Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Enhanced repository security by strengthening protection against accidental commits of sensitive credentials, configuration files, and private keys.

Copies the petry-projects org secrets baseline verbatim into the repo,
adding the required *.pem and *.key patterns (and many others) per the
push-protection standard. Repo-specific entries (node_modules/, coverage/,
test-results/, playwright-report/) are preserved in a dedicated section at
the top. The standalone .env entry is removed since it's covered by the
baseline's dotenv section.

Closes #172

Co-authored-by: don-petry <don-petry@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 19, 2026 20:34

Copilot AI (Contributor) left a comment

Copilot wasn't able to review any files in this pull request.

coderabbitai Bot commented Apr 19, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 553292b8-193f-4b5d-8ffb-e82d14bd5613

📥 Commits

Reviewing files that changed from the base of the PR and between 92719c9 and e9dcf17.

📒 Files selected for processing (1)
  • .gitignore

📝 Walkthrough

Walkthrough

Updated .gitignore with a comprehensive secrets-only baseline section covering credential and key file patterns (dotenv variants, cloud provider credentials, SSH/TLS/GPG keys, database dumps, IDE credential caches), with negation rules to re-include safe artifacts like .env.example and *.pub files, plus agent worktree directories.

Changes

Cohort / File(s): Secrets and Credentials Baseline (.gitignore)

Summary: Added 394 lines implementing a language-agnostic secrets-only baseline: patterns for environment variables, cloud provider credentials, SSH/TLS/GPG private keys, Terraform state, Kubernetes configs, Docker auth, database dumps, IDE/editor credential caches, and tooling credentials (npm, pip, etc.). Includes negation rules to re-include safe artifacts (.env.example, encrypted variants with *.enc.*/*.sops.*, public keys with *.pub) and agent/worktree directories (.claude/worktrees/, .worktrees/).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: adding organization baseline secret patterns to .gitignore file.
Linked Issues check ✅ Passed The PR directly addresses issue #172 by adding required baseline secret patterns (*.pem, *.key) to .gitignore as specified in the push-protection standard.
Out of Scope Changes check ✅ Passed All changes are scoped to .gitignore and directly address the compliance requirement; no unrelated modifications are present.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


don-petry (Collaborator, Author) commented

Self-review complete — no issues found. Only .gitignore is changed; all repo-specific entries are preserved and the full org baseline (including the required *.pem and *.key patterns) is copied verbatim.

@don-petry — this is ready for your review and merge. This resolves the recurring compliance finding in #172.
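The test plan above only checks that the `*.pem` and `*.key` lines are present in the file. What a reviewer of a secrets baseline actually wants to know is how git resolves the rules, in particular the negation entries the CodeRabbit walkthrough mentions (`!.env.example`, `!*.pub`, `!*.enc.*`, `!*.sops.*`), since a negation placed before the pattern it is meant to undo does nothing. The script below is an added example and is neither the PR's `.gitignore` nor the petry-projects org baseline: it builds a throwaway repository with a fragment assembled only from the patterns named in this conversation (the baseline's full 394 lines are not reproduced), then asks `git check-ignore` whether constructed sample paths are ignored. The function names and sample paths are the example's own.

```shell
#!/bin/sh
# Added example, not part of PR #212 or the petry-projects baseline.
# Builds a throwaway repo whose .gitignore uses only the patterns named in
# the PR conversation, then uses `git check-ignore` to confirm that secret
# files are ignored and that the negation rules re-include safe artifacts.
set -eu

# Write the gitignore fragment into repo dir $1. The patterns are the subset
# the conversation names; the real org baseline contains many more.
write_gitignore() {
  cat > "$1/.gitignore" <<'EOF'
# Repo-specific entries (kept in a dedicated section at the top)
node_modules/
coverage/
test-results/
playwright-report/

# dotenv family: ignore every variant, then re-include the documented template
.env
.env.*
!.env.example

# Private keys and certificates (required by the push-protection standard)
*.pem
*.key

# Negations: public keys and encrypted-at-rest variants are safe to commit.
# Order matters: a negation only undoes patterns listed before it.
!*.pub
!*.enc.*
!*.sops.*

# Agent worktree directories
.claude/worktrees/
.worktrees/
EOF
}

# Create an empty repo in a temp dir, install the fragment, print the path.
setup_repo() {
  dir=$(mktemp -d)
  git init -q "$dir"
  write_gitignore "$dir"
  printf '%s\n' "$dir"
}

# check_ignore <repo> <path>: prints "ignored" or "tracked".
# The path need not exist; check-ignore evaluates the name against the rules.
check_ignore() {
  if git -C "$1" check-ignore -q -- "$2"; then
    echo ignored
  else
    echo tracked
  fi
}

# expect <repo> <path> <ignored|tracked>: report one case, return 1 on mismatch.
expect() {
  got=$(check_ignore "$1" "$2")
  if [ "$got" = "$3" ]; then
    printf 'ok   %-24s %s\n' "$2" "$got"
  else
    printf 'FAIL %-24s expected %s, got %s\n' "$2" "$3" "$got"
    return 1
  fi
}

# Run the whole table of expectations; returns non-zero if any case fails.
# Sample paths are constructed for this example.
verify_baseline() {
  repo=$(setup_repo)
  rc=0
  expect "$repo" server.key        ignored || rc=1   # *.key
  expect "$repo" certs/ca.pem      ignored || rc=1   # *.pem matches in subdirs too
  expect "$repo" .env              ignored || rc=1   # .env
  expect "$repo" .env.production   ignored || rc=1   # .env.*
  expect "$repo" .env.example      tracked || rc=1   # .env.*, then !.env.example
  expect "$repo" id_ed25519.pub    tracked || rc=1   # nothing above ignores it; !*.pub
  expect "$repo" db.enc.key        tracked || rc=1   # *.key, then !*.enc.*
  expect "$repo" .env.sops.prod    tracked || rc=1   # .env.*, then !*.sops.*
  expect "$repo" node_modules/x.js ignored || rc=1   # directory pattern
  expect "$repo" src/app.js        tracked || rc=1   # untouched by the rules
  rm -rf "$repo"
  return $rc
}

# Run directly: exits non-zero if any expectation fails.
if command -v git >/dev/null 2>&1; then
  verify_baseline
else
  echo "git not found; nothing checked" >&2
fi
```

Running the script against the real baseline instead of this fragment is a matter of pointing `write_gitignore` at a copy of the repo's `.gitignore`. `git check-ignore -v` prints the exact `.gitignore` line that decided each path, which is how to explain any unexpected row. One limit of negation worth keeping in mind when reading a baseline: git cannot re-include a file whose parent directory is excluded by an earlier rule, so a `!` pattern aimed at a file under an ignored directory has no effect.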


Development

Successfully merging this pull request may close these issues.

Compliance: gitignore_secrets_block

2 participants