From 6d68ed1506e94ad87278f5622098ce5aa2567e4c Mon Sep 17 00:00:00 2001
From: Derek Roberts <derek.roberts@gmail.com>
Date: Mon, 12 Jan 2026 17:59:38 -0800
Subject: [PATCH] chore: add security-sensitive file patterns to .gitignore

Add patterns to prevent accidental commits of credential files:
- Tomcat/Java config files (context.xml, server.xml, etc.)
- Java keystores and truststores (*.jks, *.jceks, etc.)
- Spring Boot application properties with secrets
- Common credential files (credentials.json, secrets.json, etc.)
- PKCS12 keystores (*.p12, *.pfx)

This helps prevent password leaks in future Java backends that teams
may add to projects using this template.
---
 .gitignore | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/.gitignore b/.gitignore
index da8813114..743e3c4a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -370,6 +370,34 @@ pyrightconfig.json
 *.pem
 *.pub
 
+# Security-sensitive configuration files (may contain passwords/credentials)
+# Tomcat/Java application server configuration
+**/context.xml
+**/server.xml
+**/tomcat-users.xml
+**/web.xml
+# Java keystores and truststores
+**/*.jks
+**/*.jceks
+**/keystore.*
+**/truststore.*
+# Spring Boot application properties with secrets
+**/application-local.properties
+**/application-prod.properties
+**/application-secrets.properties
+**/application-*.yml
+**/bootstrap-local.yml
+**/bootstrap-prod.yml
+# Other common credential/config files
+**/credentials.json
+**/secrets.json
+**/secrets.yml
+**/secrets.yaml
+**/config.local.*
+**/config.prod.*
+**/*.p12
+**/*.pfx
+
 # IDE
 .codebuddy