Merge pull request #23 from benavlabs/warning-gitignore

igorbenav · web-flow · commit f7da1e8c2dff · 2025-06-08T23:46:52.000-03:00
Warning gitignore
diff --git a/.gitignore b/.gitignore
@@ -61,6 +61,12 @@ local_settings.py
 db.sqlite3
 db.sqlite3-journal
 
+# SQLite databases
+*.db
+*.db-journal*
+*.sqlite
+*.sqlite3
+
 # Flask stuff:
 instance/
 .webassets-cache
@@ -169,4 +175,5 @@ cython_debug/
 uv.lock
 .python-version
 
-local_test
+local_test
+crudadmin_data/
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@
 
 **Documentation**: [https://benavlabs.github.io/crudadmin/](https://benavlabs.github.io/crudadmin/)
 
-> [!WARNING]  
+> \[!WARNING\]  
 > CRUDAdmin is still experimental. While actively developed and tested, APIs may change between versions. Upgrade with caution in production environments, always carefuly reading the changelog.
 
 ## Features
@@ -131,6 +131,21 @@ Navigate to `/admin` to access your admin interface with:
 - Responsive UI with dark/light themes
 - Built-in security features
 
+> \[!WARNING\]
+> **Important for SQLite users:** If you're using SQLite databases (which is the default for CRUDAdmin), make sure to add database files to your `.gitignore` to avoid committing sensitive data like admin credentials and session tokens.
+>
+> ```gitignore
+> # SQLite databases - NEVER commit these to version control
+> *.db
+> *.sqlite
+> *.sqlite3
+> crudadmin_data/
+>
+> # Also exclude database journals
+> *.db-journal
+> *.sqlite3-journal
+> ```
+
 ## Session Backends
 
 ### Development (Default)
diff --git a/docs/quick-start.md b/docs/quick-start.md
@@ -133,7 +133,25 @@ app = FastAPI(lifespan=lifespan)
 app.mount("/admin", admin.app)
 ```
 
-And you're all done! 
+## 🔒 Security Setup
+
+**Before committing your code**, ensure your `.gitignore` excludes database files:
+
+```gitignore
+# Add these to your .gitignore
+*.db
+*.sqlite
+*.sqlite3
+crudadmin_data/
+*.db-journal
+*.sqlite3-journal
+```
+
+This prevents accidentally committing:
+- Your admin database with credentials
+- Application databases with user data
+- Session storage files
+- SQLite journal files
 
 ## Accessing Your Admin Interface
 
diff --git a/docs/usage/configuration.md b/docs/usage/configuration.md
@@ -76,13 +76,22 @@ admin = CRUDAdmin(
 - **Optional parameters**: All other parameters have sensible defaults and can be omitted
 - **Most minimal setup**: `CRUDAdmin(session=get_session, SECRET_KEY="your-key")` uses all defaults
 
----
+!!! warning "Security Best Practices"
+    **Database Security:** When using SQLite, always add `*.db`, `*.sqlite`, and `crudadmin_data/` to your `.gitignore` to prevent committing sensitive data.
+
+    **Production Security:** For production environments, always follow these best practices:
+    
+    - Use strong, randomly generated secret keys.
+    - Use environment variables for all sensitive configuration.
+    - Use a robust session backend like Redis: `uv add "crudadmin[redis]"`
+    - Enable HTTPS and secure cookies to protect data in transit.
+    - Set up proper logging and monitoring to detect security events.
 
-## Essential Configuration Parameters
+---
 
-### Required Parameters
+## Parameter Details
 
-#### `session` (AsyncSession)
+### `session` (Callable, required)
 Your SQLAlchemy async session factory or callable that returns sessions:
 
 ```python
