diff options
| author | Paul Buetow <paul@buetow.org> | 2026-01-17 11:24:16 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-17 11:24:16 +0200 |
| commit | 19144eb142ddfcb0db5927becd80ca73a0754409 (patch) | |
| tree | fa0b915c6c24cf34290bcab8a6b8ff5fbd75ec52 | |
| parent | 860420cea001d8ece12dbe1c5fc1b0edf8a96953 (diff) | |
Add security policy to AGENTS.md
Never commit secrets (SSH keys, tokens, passwords) to git.
Deploy them as Kubernetes Secrets and rotate if exposed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
| -rw-r--r-- | f3s/AGENTS.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/f3s/AGENTS.md b/f3s/AGENTS.md index 5637ce3c..e6c51bbf 100644 --- a/f3s/AGENTS.md +++ b/f3s/AGENTS.md @@ -1 +1,7 @@ Follow file:///home/paul/Notes/snippets/f3s/f3s.md + +## Security Policy + +- **Never commit secrets to git.** This includes SSH private keys, API tokens, passwords, and any other sensitive credentials. +- Secrets must be deployed as Kubernetes Secrets directly via `kubectl create secret` or through a secrets management solution. +- If a secret is accidentally committed, it must be rotated immediately and pruned from git history using `git-filter-repo`. |