# β NEVER commit these files: .env .env.local .env.production .env.development *.key *.pem *credentials* *secrets* config/local.json config/production.json# β Examples of what NOT to commit: TASKADE_API_TOKEN=your_api_token_here GITHUB_TOKEN=your_github_token_here DATABASE_URL=postgres://user:password@host:5432/db OPENAI_API_KEY=your_openai_key_here# β These are also excluded: scripts/ # Import/sync scripts package.json # Node dependencies for scripts *-urls.txt # Temporary URL lists help-center/_imported/ # Imported content (temporary)Instead of .env, create .env.example.template:
# β
Safe template example: # .env.example.template TASKADE_API_TOKEN=your_api_token_placeholder GITHUB_TOKEN=your_github_token_placeholder OPENAI_API_KEY=your_openai_key_placeholderAlways run these commands before committing:
# Check what you're about to commit git status git diff --cached # Look for sensitive patterns git diff --cached | grep -i -E "(token|key|secret|password|credential)" # Verify .gitignore is working git ls-files | grep -E "\.(env|key|pem)$"Create .git/hooks/pre-commit:
#!/bin/bash # Check for sensitive files if git diff --cached --name-only | grep -E "\.(env|key|pem)$"; then echo "β ERROR: Attempting to commit sensitive files!" echo "Files found:" git diff --cached --name-only | grep -E "\.(env|key|pem)$" exit 1 fi # Check for sensitive content if git diff --cached | grep -i -E "(token|key|secret|password|credential)" | grep -v "placeholder"; then echo "β ERROR: Potential sensitive content detected!" echo "Content found:" git diff --cached | grep -i -E "(token|key|secret|password|credential)" | grep -v "placeholder" exit 1 fi- DO NOT PUSH if you haven't already
- Remove the sensitive file and commit:
git rm .env git commit -m "Remove accidentally added .env file"- If already pushed, immediately revoke/rotate the exposed credentials
- Contact the team lead immediately
If secrets were pushed, use BFG Repo-Cleaner:
# Download BFG wget https://repo1.maven.org/maven2/com/madgag/bfg/1.14.0/bfg-1.14.0.jar # Remove sensitive files from history java -jar bfg-1.14.0.jar --delete-files .env java -jar bfg-1.14.0.jar --replace-text passwords.txt # Force push (coordinate with team!) git push --forceBefore every commit, verify:
- β
No
.envfiles in staging area - β No API keys/tokens in code
- β No credentials in configuration files
- β No temporary import scripts
- β No sensitive URLs or endpoints
- β
All secrets use placeholder values like
your_token_placeholder
docs.taskade.com/ βββ README.md # Public documentation βββ api/ # API documentation βββ features/ # Feature guides βββ genesis/ # Genesis documentation βββ automation/ # Automation guides βββ .gitbook/assets/ # Public images/assets Private/Hidden Content (β Never commit)
Local Development Only: βββ .env # Environment variables βββ scripts/ # Import/sync scripts βββ help-center/_imported/ # Temporary imported content βββ package.json # Script dependencies βββ *-urls.txt # Temporary URL lists If you accidentally commit sensitive information:
- Immediate: Stop all commits/pushes
- Contact: Team lead or repository maintainer
- Action: Revoke/rotate exposed credentials immediately
- Follow-up: Clean git history if necessary
Remember: This repository is PUBLIC and powers our documentation site. When in doubt, ask before committing!