Lesson 1: The Gatekeeper (.gitignore & Secrets)
Not everything belongs in Git. Passwords, API keys, build artifacts, and dependency folders should never be committed. The .gitignore file is your gatekeeper — it tells Git which files to ignore.
Why .gitignore Matters
| Never Commit | Why |
|--------------|-----|
| .env files | Contain secrets (API keys, passwords) |
| node_modules/ | Thousands of files, can be reinstalled |
| *.log | Generated output, not source code |
| .DS_Store | macOS system files |
| build/, dist/ | Compiled output, can be regenerated |
| *.pyc, __pycache__/ | Python compiled bytecode |
Creating a .gitignore
Create a file named .gitignore in your project root:
```gitignore
# Dependencies
node_modules/
vendor/

# Environment & Secrets
.env
.env.local
*.key

# Build output
dist/
build/
*.o

# Logs
*.log
npm-debug.log*

# OS files
.DS_Store
Thumbs.db

# IDE files
.vscode/
.idea/
*.swp
```
Pattern Syntax
| Pattern | Matches |
|---------|---------|
| *.log | All .log files everywhere |
| /build | Only the build folder in root |
| build/ | Any folder named build anywhere |
| !important.log | Exception: DO track this file |
| docs/**/*.pdf | All PDFs inside docs and subdirs |
The .env Problem
The most common security mistake: committing a .env file with real credentials.
```bash
# ❌ WRONG: This is now in Git history FOREVER
git add .env
git commit -m "Add config"

# ✅ RIGHT: Add to .gitignore FIRST
echo '.env' >> .gitignore
git add .gitignore
git commit -m "Ignore .env file"
```
Already Committed a Secret?
If you accidentally committed a file that should be ignored:
```bash
# Remove from Git tracking (file stays on disk)
git rm --cached .env
echo '.env' >> .gitignore
git add .gitignore
git commit -m "Remove .env from tracking"
```
⚠️ Warning: The secret is still in your Git history! For public repos, you must rotate the credentials AND use tools like BFG Repo-Cleaner to purge the history.
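To see why the warning above matters, here is an added example (not part of the original lesson) that replays the mistake and the fix in a throwaway repo and checks whether `.env` is ignored, tracked, and still in history. It assumes `git` is installed; the function names `audit_path` and `demo` and the key value are made up for illustration.

```shell
#!/bin/sh
# Added example: report the three states the lesson distinguishes for one path.
# Output: ignored=<yes|no> tracked=<yes|no> in_history=<yes|no>
audit_path() {
    a_repo=$1; a_file=$2
    ignored=no; tracked=no; in_history=no
    # check-ignore exits 0 when an ignore rule matches; --no-index applies
    # the rules even while the file is still tracked.
    git -C "$a_repo" check-ignore -q --no-index -- "$a_file" && ignored=yes
    # ls-files --error-unmatch exits 0 only if the path is in the index.
    git -C "$a_repo" ls-files --error-unmatch -- "$a_file" >/dev/null 2>&1 && tracked=yes
    # Any commit on any ref that touched the path keeps its content reachable.
    [ -n "$(git -C "$a_repo" log --all --format=%h -- "$a_file" 2>/dev/null)" ] && in_history=yes
    echo "ignored=$ignored tracked=$tracked in_history=$in_history"
}

# Replays the lesson's mistake and fix in a throwaway repo.
# Constructed data: the key below is fake.
demo() {
    tmp=$(mktemp -d) || return 1
    g() { git -C "$tmp" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    echo 'API_KEY=constructed-not-a-real-key' > "$tmp/.env"
    g add .env && g commit -q -m "Add config"              # the mistake
    echo "after mistake: $(audit_path "$tmp" .env)"
    g rm -q --cached .env                                  # the lesson's fix
    echo '.env' >> "$tmp/.gitignore"
    g add .gitignore && g commit -q -m "Remove .env from tracking"
    echo "after fix:     $(audit_path "$tmp" .env)"
    # The old blob is still readable from the root commit.
    root=$(g rev-list --max-parents=0 HEAD)
    echo "still in history: $(g show "$root:.env")"
    rm -rf "$tmp"
}

demo
```

You can also run `audit_path /path/to/repo .env` against a real repository. A result of `in_history=yes` is the case where the warning applies and the credential needs rotating.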
Mission Objective
Set up your project's security gates:
- Create the gate: Run `printf 'node_modules/\n.env\n*.log\n.DS_Store\n' > .gitignore`.
- Verify: Run `git status --ignored` to confirm files are being ignored.
- Fix a mistake: Run `git rm --cached .env` to stop tracking a secret file.