Git and secrets policy
Git
All durable text assets should be reviewable in Git.
Good candidates:
- architecture docs
- runbooks
- shared knowledge
- non-secret .env.example
- SOUL.md identity files
- desired cron declarations
- reusable skills
Bad candidates:
- .env
- auth files
- SSH keys
- tokens
- runtime databases
- sessions
- logs
- generated scheduler output
- caches
Before committing
Run:
git status --short --branch --untracked-files=all
git diff --check
For Agent0, also run:
python3 -m json.tool agents/gerhard-hermes/cron/desired-jobs.json >/dev/null
docker compose config --services >/dev/null
Secrets
Never read or commit live secret files unless the human explicitly asks and the action is necessary.
Sensitive filenames include:
- .env
- secrets.env
- auth.json
- SSH private keys
- token files
- password dumps
When documenting required credentials, use names and placeholders only:
CONTENT_API_KEY=***
AGENT_PASSWORD=***
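
One way to enforce the sensitive-filename list before a commit, as an added example that is not part of this repository's own tooling. The script name `check-secrets.sh`, its `--staged` argument, and the glob patterns for `.env.*`, SSH keys and token files are assumptions; the policy names only the categories.

```shell
#!/bin/sh
# Added example: refuse to commit paths the policy lists as sensitive.
# It inspects path names only and never opens the files, in line with
# the rule against reading live secret files.

# Return 0 when the basename of $1 looks like a live secret file.
is_sensitive_path() {
    base=${1##*/}
    case "$base" in
        .env.example) return 1 ;;                      # placeholder file, allowed
        .env|secrets.env|auth.json) return 0 ;;        # names listed in the policy
        .env.*) return 0 ;;                            # assumed: .env.local and similar
        id_rsa|id_dsa|id_ecdsa|id_ed25519) return 0 ;; # assumed SSH key names
        *.pem|*.key) return 0 ;;                       # assumed private key extensions
        *.token|*_token|token.txt) return 0 ;;         # assumed token file names
    esac
    return 1
}

# Read newline-separated paths on stdin, print each offender, and
# return 1 if any path is sensitive.
scan_paths() {
    found=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if is_sensitive_path "$path"; then
            printf 'blocked: %s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Hook entry point (hypothetical): call `sh check-secrets.sh --staged`
# from .git/hooks/pre-commit. Only added, copied, modified or renamed
# paths in the index are checked.
if [ "${1:-}" = "--staged" ]; then
    git diff --cached --name-only --diff-filter=ACMR | scan_paths || {
        echo 'commit refused: unstage the files listed above' >&2
        exit 1
    }
fi
```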