The .gitignore file now protects sensitive data from being pushed to git:
.envand.env.*files*.keyfiles*.pemfilessecrets.txtapi_keys.txt- Any
*_secrets.*files
*.tar.gz*.tgz*.tar*.zip*.rar*.7z
*.tmp,*.temp*.log/tmp/directory.bash_history- IDE files (
.vscode/,.idea/)
# Store API key in environment variable
export OPENAI_API_KEY='your-key-here'
# Add to ~/.bashrc for persistence
echo 'export OPENAI_API_KEY="your-key"' >> ~/.bashrc- Never commit API keys in code files
- Don't store keys in plain text files in the repo
- Avoid hardcoding keys in scripts
| File Type | Protected | Reason |
|---|---|---|
*.tar.gz |
β Yes | Archives excluded |
.env |
β Yes | Contains secrets |
*.key |
β Yes | Private keys |
*.log |
β Yes | May contain sensitive data |
.bash_history |
β Yes | May contain keys typed in terminal |
# See what files are being tracked
git ls-files
# Check if sensitive files are tracked
git ls-files | grep -E '\.tar\.gz|\.env|\.key'# Remove specific file
git rm --cached filename
# Commit the removal
git commit -m "Remove sensitive file"
# Push changes
git push origin mainIf you pushed an API key:
- Go to OpenAI Platform
- Delete the exposed key
- Generate a new key
- Update your local environment
# Use git filter-branch or BFG Repo-Cleaner
# This rewrites history - use with caution!# Try to add a protected file
touch test.tar.gz
git add test.tar.gz
# Should see: "The following paths are ignored..."
# This means .gitignore is working!Remember: The .gitignore file is now protecting your sensitive data! π