From b1a962f2bd504d9769cdf5b0997a47c678599189 Mon Sep 17 00:00:00 2001
From: "pensarappdev[bot]" <182706286+pensarappdev[bot]@users.noreply.github.com>
Date: Thu, 8 May 2025 13:13:27 +0000
Subject: [PATCH] Fix security issue: Environment File Exposure in Source Control (CWE-798)
---
 .gitignore | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 6c159d3..3bd27c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,13 @@
-#environment file
-.env
-
+# environment files -- exclude all env and secret files
+.env
+.env.*
+!.env.example
+
+# WARNING: If .env or other sensitive files were committed in the past,
+# you must:
+# 1. Rotate credentials (invalidate and reissue them).
+# 2. Remove the file from git history
+# (see: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)
+# This .gitignore only prevents future commits.
+
 .idea
\ No newline at end of file
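Review bot: The closing comment `# This .gitignore only prevents future commits.` overstates what the new rules do, because git applies ignore patterns only to untracked paths; a `.env` or `.env.*` file that is already tracked will keep being committed whenever it changes. The WARNING list should gain a step such as `# 3. Untrack the file so the ignore rule takes effect: git rm --cached <file>`, and the last line would be more accurate as `# Ignore rules only affect untracked files; they do not remove anything already committed.` The header comment also claims "all env and secret files" while the patterns match only `.env` and `.env.*`, so other names (for example `.envrc` or key files) are not covered; `# environment files: .env and .env.* (except .env.example)` describes what is actually ignored. Whether any such file is currently tracked is not visible from this patch.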