Gabriel Radureau
e4a7f99333
provisionSandbox.ts now loads its own .env.sandbox (via @std/dotenv loadSync) instead of the shared .env, so prod (main.ts → .env) and sandbox (provisionSandbox.ts → .env.sandbox) configs don't collide. .gitignore widened to .env* (keeping .env.example tracked). .env.example rewritten to document the two-file convention + the per-env kubectl secret sources, including the caveat that a prod-seeded sandbox uses PROD's admin password. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 lines
181 B
Plaintext
7 lines
181 B
Plaintext
# Secrets — never commit. Covers .env (prod, main.ts) and .env.sandbox
|
|
# (sandbox, provisionSandbox.ts), plus any generated *.key.
|
|
.env*
|
|
!.env.example
|
|
.ai_agent_sandbox.key
|
|
*.key
|