# NEVER commit these files:
.env
.env.local
.env.production
.env.development
*.key
*.pem
*credentials*
*secrets*
config/local.json
config/production.json
# Examples of what NOT to commit:
TASKADE_API_TOKEN=your_api_token_here
GITHUB_TOKEN=your_github_token_here
DATABASE_URL=postgres://user:password@host:5432/db
OPENAI_API_KEY=your_openai_key_here
# These are also excluded:
scripts/ # Import/sync scripts
package.json # Node dependencies for scripts
*-urls.txt # Temporary URL lists
help-center/_imported/ # Imported content (temporary)
Instead of .env, create .env.example.template:
# Safe template example:
# .env.example.template
TASKADE_API_TOKEN=your_api_token_placeholder
GITHUB_TOKEN=your_github_token_placeholder
OPENAI_API_KEY=your_openai_key_placeholder
Always run these commands before committing:
# Check what you're about to commit
git status
git diff --cached
# Look for sensitive patterns
git diff --cached | grep -i -E "(token|key|secret|password|credential)"
# Verify .gitignore is working
git ls-files | grep -E "\.(env|key|pem)$"
Create .git/hooks/pre-commit:
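#!/bin/bash
# Check for sensitive files. Deletions are ignored (--diff-filter=d) so that
# removing a tracked .env with "git rm" is not blocked by this hook.
if git diff --cached --name-only --diff-filter=d | grep -q -E "\.(env|key|pem)$"; then
    echo "ERROR: Attempting to commit sensitive files!"
    echo "Files found:"
    git diff --cached --name-only --diff-filter=d | grep -E "\.(env|key|pem)$"
    exit 1
fi
# Check for sensitive content in added lines only ("+" lines, not "+++" file
# headers), so that removing a secret does not trip the check.
if git diff --cached | grep '^+' | grep -v '^+++ ' | grep -i -E "(token|key|secret|password|credential)" | grep -q -v "placeholder"; then
    echo "ERROR: Potential sensitive content detected!"
    echo "Content found:"
    git diff --cached | grep '^+' | grep -v '^+++ ' | grep -i -E "(token|key|secret|password|credential)" | grep -v "placeholder"
    exit 1
fi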
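A stricter variant of the hook above, as an added example (not this repository's own hook; the function names are illustrative). It matches the full file list from this page, including .env.local and .env.production while allowing .env.example.template, and, as an assumption made here to reduce false positives in documentation that mentions tokens and keys, it flags only added lines that assign a value to a secret-looking name or embed user:password@ in a URL.

```shell
#!/bin/bash
# Added example, not the repository's own hook; function names are illustrative.

# Succeeds when a staged path matches this page's "never commit" list.
is_sensitive_path() {
  case "$1" in
    config/local.json|config/production.json) return 0 ;;
  esac
  case "${1##*/}" in                      # match on the file name only
    .env.example.template) return 1 ;;    # the safe template stays committable
    .env|.env.*|*.key|*.pem|*credentials*|*secrets*) return 0 ;;
  esac
  return 1
}

# Reads a unified diff on stdin and prints added lines that assign a value to
# a secret-looking name (NAME=value, "name": value) or embed user:pass@ in a
# URL. Lines containing "placeholder" are skipped. Succeeds if any are found.
find_added_secrets() {
  grep '^+' | grep -v '^+++ ' |
    grep -i -E '(token|key|secret|password|credential)[a-z0-9_"]*[[:space:]]*[=:][[:space:]]*[^[:space:]]|://[^/@[:space:]]+:[^/@[:space:]]+@' |
    grep -v -i 'placeholder'
}

# Runs both checks on the staging area; succeeds only when nothing is flagged.
check_staged() {
  bad_paths=$(git diff --cached --name-only --diff-filter=d |
    while IFS= read -r f; do
      if is_sensitive_path "$f"; then printf '%s\n' "$f"; fi
    done)
  bad_lines=$(git diff --cached -U0 | find_added_secrets) || true
  if [ -n "$bad_paths" ]; then
    printf 'ERROR: sensitive files staged:\n%s\n' "$bad_paths" >&2
  fi
  if [ -n "$bad_lines" ]; then
    printf 'ERROR: possible secrets in added lines:\n%s\n' "$bad_lines" >&2
  fi
  [ -z "$bad_paths" ] && [ -z "$bad_lines" ]
}

# Run only when installed as .git/hooks/pre-commit.
case "$0" in
  */pre-commit) check_staged || exit 1 ;;
esac
```

The content check is a heuristic: it reduces noise but does not replace rotating a credential that has already been pushed.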
- DO NOT PUSH if you haven't already
- Remove the sensitive file and commit:
git rm .env
git commit -m "Remove accidentally added .env file"
- If already pushed, immediately revoke/rotate the exposed credentials
- Contact the team lead immediately
If secrets were pushed, use BFG Repo-Cleaner:
# Download BFG
wget https://repo1.maven.org/maven2/com/madgag/bfg/1.14.0/bfg-1.14.0.jar
# Remove sensitive files from history
java -jar bfg-1.14.0.jar --delete-files .env
java -jar bfg-1.14.0.jar --replace-text passwords.txt
# Force push (coordinate with team!)
git push --force
Before every commit, verify:
- No .env files in staging area
- No API keys/tokens in code
- No credentials in configuration files
- No temporary import scripts
- No sensitive URLs or endpoints
- All secrets use placeholder values like your_token_placeholder
docs.taskade.com/
├── README.md            # Public documentation
├── api/                 # API documentation
├── features/            # Feature guides
├── genesis/             # Genesis documentation
├── automation/          # Automation guides
└── .gitbook/assets/     # Public images/assets
Private/Hidden Content (Never commit)
Local Development Only:
├── .env                     # Environment variables
├── scripts/                 # Import/sync scripts
├── help-center/_imported/   # Temporary imported content
├── package.json             # Script dependencies
└── *-urls.txt               # Temporary URL lists
If you accidentally commit sensitive information:
- Immediate: Stop all commits/pushes
- Contact: Team lead or repository maintainer
- Action: Revoke/rotate exposed credentials immediately
- Follow-up: Clean git history if necessary
Remember: This repository is PUBLIC and powers our documentation site. When in doubt, ask before committing!