lerko
60b30935b3
- Redact PostgreSQL DSN password from stdout/logs - Harden .dockerignore to exclude .ssh/, .claude/, *.db, *.local files - SSRF protection: block private/loopback/link-local IPs by default (UPTOP_ALLOW_PRIVATE_TARGETS=true to override for homelab use) - Fix email header injection via CRLF in monitor names - AES-256-GCM encryption for alert credentials at rest (UPTOP_ENCRYPTION_KEY env var, migrate-secrets subcommand) - TLS support for HTTP server (UPTOP_TLS_CERT/UPTOP_TLS_KEY) with HSTS header when TLS enabled
16 lines
178 B
Plaintext
16 lines
178 B
Plaintext
.git
|
|
tmp/
|
|
vendor/
|
|
|
|
# Security: keep sensitive/local files out of Docker build context
|
|
.ssh/
|
|
.claude/
|
|
.github/
|
|
.gitea/
|
|
CLAUDE.md
|
|
*.local.json
|
|
*.local.md
|
|
*.local
|
|
*.db
|
|
*.db-journal
|