add warning to ignore db files

Author: igorbenav

.gitignore

@@ -61,6 +61,12 @@ local_settings.py
 db.sqlite3
 db.sqlite3-journal
 
+# SQLite databases
+*.db
+*.db-journal*
+*.sqlite
+*.sqlite3
+
 # Flask stuff:
 instance/
 .webassets-cache
@@ -169,4 +175,5 @@ cython_debug/
 uv.lock
 .python-version
 
-local_test
+local_test
+crudadmin_data/

README.md

@@ -131,6 +131,32 @@ Navigate to `/admin` to access your admin interface with:
 - Responsive UI with dark/light themes
 - Built-in security features
 
+## ⚠️ Security Notice
+
+**Important for SQLite users:** If you're using SQLite databases (which is the default for CRUDAdmin), make sure to add database files to your `.gitignore`:
+
+```gitignore
+# SQLite databases - NEVER commit these to version control
+*.db
+*.sqlite
+*.sqlite3
+crudadmin_data/  # CRUDAdmin's default admin database directory
+
+# Also exclude database journals
+*.db-journal
+*.sqlite3-journal
+```
+
+**Why this matters:**
+- SQLite databases contain sensitive data including admin credentials, session tokens, and user data
+- Committing database files to public repositories exposes this sensitive information
+- Database files can become large and are not suitable for version control
+
+**What to commit instead:**
+- Database schema/migration files
+- Sample data files (with fake/sanitized data)
+- Configuration files (with placeholder values)
+
 ## Session Backends
 
 ### Development (Default)

docs/quick-start.md

@@ -133,7 +133,25 @@ app = FastAPI(lifespan=lifespan)
 app.mount("/admin", admin.app)
 ```
 
-And you're all done! 
+## 🔒 Security Setup
+
+**Before committing your code**, ensure your `.gitignore` excludes database files:
+
+```gitignore
+# Add these to your .gitignore
+*.db
+*.sqlite
+*.sqlite3
+crudadmin_data/
+*.db-journal
+*.sqlite3-journal
+```
+
+This prevents accidentally committing:
+- Your admin database with credentials
+- Application databases with user data
+- Session storage files
+- SQLite journal files
 
 ## Accessing Your Admin Interface
 

docs/usage/configuration.md

@@ -76,13 +76,22 @@ admin = CRUDAdmin(
 - **Optional parameters**: All other parameters have sensible defaults and can be omitted
 - **Most minimal setup**: `CRUDAdmin(session=get_session, SECRET_KEY="your-key")` uses all defaults
 
----
+!!! warning "Security Best Practices"
+    **Database Security:** When using SQLite, always add `*.db`, `*.sqlite`, and `crudadmin_data/` to your `.gitignore` to prevent committing sensitive data.
+
+    **Production Security:** For production environments, always follow these best practices:
+    
+    - Use strong, randomly generated secret keys.
+    - Use environment variables for all sensitive configuration.
+    - Use a robust session backend like Redis: `uv add "crudadmin[redis]"`
+    - Enable HTTPS and secure cookies to protect data in transit.
+    - Set up proper logging and monitoring to detect security events.
 
-## Essential Configuration Parameters
+---
 
-### Required Parameters
+## Parameter Details
 
-#### `session` (AsyncSession)
+### `session` (Callable, required)
 Your SQLAlchemy async session factory or callable that returns sessions:
 
 ```python