security: remove .env from git and update .gitignore

CRITICAL: The .env file containing real database credentials was tracked in git. This commit: - Removes backend/.env from git tracking (file kept locally) - Adds .env patterns to .gitignore to prevent future commits - Updates .env.example with placeholder values only ACTION REQUIRED: Rotate all credentials that were exposed: - MySQL password - JWT secret key - Any other secrets in the .env file Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 21:24:16 +08:00
parent 35c90fe76b
commit a78d878865
3 changed files with 15 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,10 @@
+# Environment files (NEVER commit secrets!)
+.env
+.env.local
+.env.*.local
+*.env
+!.env.example
+
 # IDE
 .vscode/
 .idea/