
Security: ryu-coding1205/csg


SECURITY.md

Security Guidelines

⚠️ Before Public Release

This repository contains configuration templates for internal company use. Before making this repository public, ensure:

🔐 Sensitive Files to Remove/Update

  1. Configuration Files

    • Remove all appsettings.json and appsettings.*.json files
    • Use appsettings.template.json instead
    • Remove db.json files with actual connection strings
  2. Environment Files

    • Keep only .env.example files with placeholder values
    • Remove all .env files with actual credentials
  3. IP Addresses & Hosts

    • Replace all internal IP addresses (203.228.x.x, 10.10.x.x, 192.168.x.x)
    • Use {HOST}, {DB_HOST}, {K8S_HOST} placeholders
  4. Credentials

    • Remove all passwords, API keys, tokens
    • Use {PASSWORD}, {API_KEY}, {TOKEN} placeholders
  5. Email Addresses

    • Replace company emails with placeholder: {EMAIL}
    • Use generic example: [email protected]
  6. Target Files (Prometheus/Monitoring)

    • Remove or sanitize all files in observability/prometheus/targets/
    • Use template files with placeholders

✅ Required Actions Before Publishing

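# 1. Remove sensitive files from Git history
#    ('*/appsettings.json' matches nested copies only, so the root-level name is listed too;
#    run the same rewrite for the other file types listed above)
git filter-branch --force --index-filter \
  "git rm --cached --ignore-unmatch appsettings.json '*/appsettings.json'" \
  --prune-empty --tag-name-filter cat -- --all

# 2. Force push (⚠️ WARNING: This rewrites history)
git push origin --force --all
git push origin --force --tags   # tags rewritten by --tag-name-filter cat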

# 3. Clean up local repository
rm -rf .git/refs/original/
git reflog expire --expire=now --all
git gc --prune=now --aggressive

📋 Checklist

  • All passwords removed
  • All internal IPs replaced with placeholders
  • All email addresses sanitized
  • Configuration files converted to templates
  • .gitignore updated
  • Git history cleaned
  • README updated with setup instructions
  • Security review completed
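
A working-tree scan for the items this checklist names, as an added example that is not part of the repository. The file names, the targets directory and the IP ranges come from the lists above. The secret-key regex, the "template" naming rule for target files and the sample files in `demo()` are assumptions constructed for illustration.

```python
import fnmatch, os, re, sys, tempfile

# File names from the page's list; its template/example names stay allowed.
BLOCKED = ["appsettings.json", "appsettings.*.json", "db.json", ".env", ".env.*"]
ALLOWED = {"appsettings.template.json", ".env.example"}
TARGETS_DIR = "observability/prometheus/targets/"  # assumption: sanitized files here have "template" in the name
# Address ranges named on the page: 203.228.x.x, 10.10.x.x, 192.168.x.x.
IP_RE = re.compile(r"(?<![\d.])(?:203\.228|10\.10|192\.168)\.\d{1,3}\.\d{1,3}(?![\d.])")
# Assumption: a secret-looking key whose value is not a {PLACEHOLDER}.
SECRET_RE = re.compile(
    r"(?i)(?:password|api[_-]?key|token)\"?\s*[:=]\s*\"?(?!\{[A-Z0-9_]+\})[^\s\";,]+")

def scan_tree(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip Git metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name not in ALLOWED and any(fnmatch.fnmatch(name, p) for p in BLOCKED):
                findings.append((rel, "blocked file name"))
            if rel.startswith(TARGETS_DIR) and "template" not in name:
                findings.append((rel, "prometheus target file"))
            with open(path, encoding="utf-8", errors="ignore") as fh:
                text = fh.read()
            findings += [(rel, "internal IP " + ip) for ip in set(IP_RE.findall(text))]
            if SECRET_RE.search(text):
                findings.append((rel, "credential without placeholder"))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not files from the repository)."""
    samples = {
        "src/Api/appsettings.Development.json": '{"Db": "Server=10.10.3.7;Password=hunter2;"}',
        "src/Api/appsettings.template.json": '{"Db": "Server={DB_HOST};Password={PASSWORD};"}',
        ".env.example": "API_KEY={API_KEY}\nHOST={HOST}\n",
        "observability/prometheus/targets/nodes.json": '[{"targets": ["192.168.1.20:9100"]}]',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":  # scan the given path, or the constructed demo tree
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(f"{rel}: {why}" for rel, why in found))
```

The scan covers only the files currently checked out; anything already committed remains in history until it is rewritten.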

🛡️ Reporting Security Issues

If you discover a security vulnerability, please email: [email protected]

DO NOT create public GitHub issues for security vulnerabilities.
