Prox OS Internal Docs
TrustSecurityBaseline

Secrets Policy

No secrets in the repository.

Rule

No secrets in the repository.

This includes:

  • API keys.
  • OAuth secrets.
  • Database URLs.
  • Payment provider secrets.
  • Cloudflare tokens.
  • Recovery codes.
  • Personal identity documents.
  • Private financial records.

Accepted Patterns

  • .env.example with placeholder values.
  • Provider-native secret managers.
  • CI secret stores.
  • Local .env.local or .dev.vars files ignored by git.

AI Agent Rule

AI agents must not request, print, transform, summarize, or commit secrets. If a task appears to require a secret, stop and ask the human to use an approved secret-management path outside repo docs.

On this page