From 43453ba28913ce4755b85aa7a7c5ed5dbaab36c5 Mon Sep 17 00:00:00 2001 From: SISIR-REDDY Date: Mon, 30 Mar 2026 17:16:47 +0530 Subject: [PATCH] security: add critical entries to .gitignore for API keys and credentials Enhances .gitignore to prevent accidental commits of sensitive files that could expose API keys, signing credentials, or configuration secrets. New protections added: - Firebase config files (google-services.json, GoogleService-Info.plist) - Android signing keys (key.properties, *.jks, *.keystore) - Environment variable variants (.env.local, .env.production, etc.) - iOS provisioning profiles and certificates - Generic credential files (secrets.json, api-keys.json, etc.) This addresses a critical security gap where contributors could accidentally commit sensitive credentials to the public repository. The current .gitignore only protected .env but not environment variants or platform-specific credential files. Fixes #41 Co-Authored-By: Claude Opus 4.6
---
 .gitignore | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index ff583b2..6a8fabd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,9 +31,43 @@ migrate_working_dir/
 .flutter-plugins-dependencies
 .pub-cache/
 .pub/
-.env
 /build/
 
+# Environment variables
+.env
+.env.local
+.env.*.local
+.env.development
+.env.production
+.env.staging
+
+# Firebase configuration files (contain API keys)
+android/app/google-services.json
+ios/Runner/GoogleService-Info.plist
+ios/firebase_app_id_file.json
+android/app/src/google-services.json
+
+# Android signing credentials
+android/key.properties
+*.jks
+*.keystore
+release-keystore.jks
+upload-keystore.jks
+
+# iOS signing and provisioning
+ios/Runner/GoogleService-Info.plist
+ios/Runner/Info.plist.backup
+*.mobileprovision
+*.p12
+*.certSigningRequest
+
+# Secret keys and credentials
+**/secrets.json
+**/credentials.json
+**/*-credentials.json
+**/api-keys.json
+**/*-secrets.yaml
+
 # Symbolication related
 app.*.symbols
 
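Review bot: The enumerated `.env.development` / `.env.production` / `.env.staging` entries in the environment block still let any other variant through (for example `.env.test` or `.env.backup`); `.env*` followed by `!.env.example` would close that, assuming the project keeps an example file it wants tracked. The same gap applies to `android/app/src/google-services.json`, which matches only that exact path while per-flavor copies sit under `android/app/src/<flavor>/`; `**/google-services.json` and `**/GoogleService-Info.plist` would cover them and also make the duplicated `ios/Runner/GoogleService-Info.plist` line in the iOS block unnecessary, just as `release-keystore.jks` and `upload-keystore.jks` are already covered by `*.jks`. Ignore rules have no effect on files that are already tracked, so any of these paths committed earlier would still need `git rm --cached <path>` and the credential rotated, because it stays in history; whether that applies here cannot be seen from this hunk.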