
Security: DistTopic/base-porigins


SECURITY.md

Security Guidelines for POrigins Server

Sensitive Files Protection

The following files contain sensitive information and should NEVER be committed to version control:

Configuration Files

  • appsettings.json - Main server configuration with database credentials
  • appsettings.*.json - Environment-specific settings

Database Files

  • *.db - SQLite database files
  • *.sql - Database dumps or backups
  • *.backup - Database backup files

Security Keys & Certificates

  • key.pem - Private keys
  • *.p12, *.pfx - Certificate files
  • keys/ - Directory containing private keys
  • certificates/ - Directory containing certificates

Logs & Runtime Files

  • logs/ - Log directories may contain sensitive information
  • *.log - Log files
  • server.log - Server runtime logs

Setup Instructions

  1. Copy example files:

     cp src/Standalone/appsettings.json.dist src/Standalone/appsettings.json

  2. Update configuration:

     • Edit src/Standalone/appsettings.json with your database credentials
     • Update the PostgreSQL connection string with your database details
     • Generate strong random values for any security keys

  3. Verify .gitignore:

     • Ensure all sensitive files are listed in .gitignore
     • Never force-add ignored files with git add -f
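The three setup steps, carried out end to end in a scratch directory, as an added example (this is not code from the POrigins project). It copies a template to appsettings.json, fills in a freshly generated key, and then checks that every path matching the sensitive-file patterns listed above is actually covered by .gitignore. The JSON layout of appsettings.json, the connection-string value and the sample file list are constructed assumptions, and the .gitignore matcher is a deliberate simplification (no `!` negation, no `**`), so it is a sanity check to run before `git add`, not a replacement for `git check-ignore`.

```python
import fnmatch
import json
import secrets
import shutil
import tempfile
from pathlib import Path

# The patterns from the "Sensitive Files Protection" section above.
SENSITIVE_PATTERNS = [
    "appsettings.json", "appsettings.*.json",
    "*.db", "*.sql", "*.backup",
    "key.pem", "*.p12", "*.pfx", "keys/", "certificates/",
    "logs/", "*.log", "server.log",
]


def load_ignore_patterns(gitignore_text: str) -> list[str]:
    """Non-empty, non-comment lines of a .gitignore."""
    lines = (ln.strip() for ln in gitignore_text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def is_ignored(rel_path: str, patterns: list[str]) -> bool:
    """Simplified gitignore matching (assumption: no '!' negation, no '**').
    'dir/' covers everything below that directory; a pattern without '/'
    is matched against the basename at any depth, as git does."""
    parts = rel_path.split("/")
    for pat in patterns:
        if pat.endswith("/"):
            if pat[:-1] in parts[:-1]:
                return True
        elif "/" in pat:
            if fnmatch.fnmatchcase(rel_path, pat.lstrip("/")):
                return True
        elif fnmatch.fnmatchcase(parts[-1], pat):
            return True
    return False


def uncovered_sensitive_paths(rel_paths: list[str], gitignore_text: str) -> list[str]:
    """Step 3: paths that look sensitive but that .gitignore would not ignore."""
    ignore = load_ignore_patterns(gitignore_text)
    return [p for p in rel_paths
            if is_ignored(p, SENSITIVE_PATTERNS) and not is_ignored(p, ignore)]


def generate_secret(nbytes: int = 32) -> str:
    """Step 2: a strong random value for a security key (256 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(nbytes)


def initialise_settings(repo: Path, connection_string: str, secret: str) -> dict:
    """Steps 1 and 2: copy the template, then replace its placeholders.
    The JSON keys used here are assumptions, not the project's real layout."""
    src = repo / "src/Standalone/appsettings.json.dist"
    dst = repo / "src/Standalone/appsettings.json"
    shutil.copy(src, dst)
    cfg = json.loads(dst.read_text())
    cfg["ConnectionStrings"]["Default"] = connection_string
    cfg["SecurityKey"] = secret
    dst.write_text(json.dumps(cfg, indent=2))
    return cfg


# Constructed sample inputs: a working tree and a deliberately incomplete .gitignore.
SAMPLE_PATHS = [
    "src/Standalone/appsettings.json.dist",   # template: should be committed
    "src/Standalone/appsettings.json",
    "src/Standalone/appsettings.Production.json",
    "db/dump.backup",
    "keys/server.key",
    "certificates/server.crt",
    "logs/server.log",
    "README.md",
]
SAMPLE_GITIGNORE = """# constructed: *.backup and certificates/ are missing
appsettings.json
appsettings.*.json
*.db
*.sql
key.pem
keys/
logs/
*.log
"""
COMPLETE_GITIGNORE = "\n".join(SENSITIVE_PATTERNS)


def run_setup_check(gitignore_text: str, tracked_paths: list[str]) -> dict:
    """Run all three steps in a scratch directory and report what is still wrong."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "src/Standalone").mkdir(parents=True)
        # Constructed template standing in for the project's .dist file.
        (repo / "src/Standalone/appsettings.json.dist").write_text(json.dumps({
            "ConnectionStrings": {"Default": "Host=CHANGE_ME;Username=CHANGE_ME;Password=CHANGE_ME"},
            "SecurityKey": "CHANGE_ME",
        }))
        cfg = initialise_settings(
            repo,
            "Host=localhost;Database=porigins;Username=porigins;Password=<set-me>;SSL Mode=Require",
            generate_secret(),
        )
    return {
        "template_placeholders_left": "CHANGE_ME" in json.dumps(cfg),
        "tls_required": "SSL Mode=Require" in cfg["ConnectionStrings"]["Default"],
        "uncovered": uncovered_sensitive_paths(tracked_paths, gitignore_text),
    }


if __name__ == "__main__":
    print(run_setup_check(SAMPLE_GITIGNORE, SAMPLE_PATHS))
```

Run against the constructed inputs, `uncovered` lists `db/dump.backup` and `certificates/server.crt`, the two sensitive paths the sample .gitignore forgot; with `COMPLETE_GITIGNORE` (one line per pattern from the list above) it is empty. The `.dist` template is correctly left out of the report, since it should stay in version control.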

Security Best Practices

  • Use strong, randomly generated passwords
  • Regularly rotate encryption keys and passwords
  • Enable database SSL/TLS connections in production
  • Use secrets management systems for production environments
  • Implement proper access controls for configuration files

Emergency Response

If sensitive data is accidentally committed:

  1. Immediately rotate all exposed credentials
  2. Use git filter-branch or BFG Repo-Cleaner to remove the data from the repository history
  3. Force push to overwrite remote history (coordinate with team)
  4. Notify all team members to re-clone the repository

There aren’t any published security advisories