DerekRoberts (Member) commented Jan 13, 2026

Summary

Adds patterns to .gitignore to prevent accidental commits of credential files, particularly for Java/Tomcat backends that teams may add to projects using this template.

Changes

Added 28 new patterns to prevent credential leaks:

  • Tomcat/Java config files: context.xml, server.xml, tomcat-users.xml, web.xml
  • Java keystores: *.jks, *.jceks, keystore.*, truststore.*
  • Spring Boot configs: application-local.properties, application-prod.properties, application-*.yml, etc.
  • Common credential files: credentials.json, secrets.json, secrets.yml, etc.
  • PKCS12 keystores: *.p12, *.pfx

Motivation

Prevents password leaks in future Java backends (similar to context.xml leaks that have occurred). This is a proactive security measure for the template repository.

Testing

  • Verified patterns are syntactically correct
  • Patterns follow existing .gitignore conventions (using **/ for recursive matching)
  • Placed logically after existing security patterns (*.key, *.pem, *.pub)

Checklist

  • Changes are focused on security improvements
  • Follows existing .gitignore patterns and conventions
  • No breaking changes
  • Documentation/comments added where appropriate

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

Add patterns to prevent accidental commits of credential files:
- Tomcat/Java config files (context.xml, server.xml, etc.)
- Java keystores and truststores (*.jks, *.jceks, etc.)
- Spring Boot application properties with secrets
- Common credential files (credentials.json, secrets.json, etc.)
- PKCS12 keystores (*.p12, *.pfx)

This helps prevent password leaks in future Java backends that teams
may add to projects using this template.

Copilot AI review requested due to automatic review settings January 13, 2026 01:59

Copilot AI (Contributor) left a comment


Copilot wasn't able to review any files in this pull request.



@DerekRoberts DerekRoberts self-assigned this Jan 13, 2026
@DerekRoberts DerekRoberts merged commit b2ac83d into main Jan 13, 2026
19 checks passed
@DerekRoberts DerekRoberts deleted the chore/add-security-gitignore-patterns branch January 13, 2026 03:06
@github-project-automation github-project-automation bot moved this from New to Done in DevOps (NR) Jan 13, 2026
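
Added example, not part of the pull request or the repository: one way to check that ignore rules like those named in the PR description match the intended paths, and to list matching files that are already tracked, since .gitignore does not untrack files that were committed or staged earlier. The .gitignore contents are constructed from pattern names in the description (the merged lines are not shown on this page); the function names and file paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. The .gitignore below is constructed from pattern names in the
# PR description; it is not the file merged by the PR.

make_demo_repo() {
  # Build a throwaway repository and print its path.
  local repo
  repo=$(mktemp -d) || return 1
  git -C "$repo" init -q || return 1
  mkdir -p "$repo/backend/conf"
  # Constructed sample: a config file staged BEFORE the ignore rule existed.
  echo '<Context/>' > "$repo/backend/conf/context.xml"
  git -C "$repo" add backend/conf/context.xml || return 1
  cat > "$repo/.gitignore" <<'EOF'
**/context.xml
**/tomcat-users.xml
*.jks
*.p12
**/application-*.yml
**/secrets.json
EOF
  echo "$repo"
}

# Succeeds if an untracked path would be ignored (the file need not exist).
is_ignored() {
  git -C "$1" check-ignore -q "$2"
}

# Lists files that are in the index even though an ignore rule matches them.
# These stay tracked until removed with `git rm --cached <path>`.
tracked_but_ignored() {
  git -C "$1" ls-files -ci --exclude-standard
}

repo=$(make_demo_repo)
for p in certs/keystore.jks backend/src/main/resources/application-prod.yml \
         backend/src/main/resources/application.yml; do
  if is_ignored "$repo" "$p"; then echo "ignored:     $p"; else echo "NOT ignored: $p"; fi
done
echo "tracked despite ignore rule:"
tracked_but_ignored "$repo"
rm -rf "$repo"
```

A file reported by `tracked_but_ignored` also remains in history after it is untracked, so any credential it held still needs to be rotated.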