🔐 Secrets Management Guide

You have sensitive files like .pem keys (for SSH access) and .env files (database passwords, API keys). These must NEVER be committed to Git.

Here is how to share them with your team securely.

1. What NOT to do ❌

NEVER push .env or .pem files to GitHub/GitLab.
NEVER send them via Slack/Discord/Messenger (these are not end-to-end encrypted for files and stay in history).
NEVER put them in a Google Doc.

If your team uses 1Password, Bitwarden, or LastPass:

Create a "Secure Note".
Paste the contents of your .env file there.
Attach the .pem file as a file attachment to the note.
Share the item with your team members via the password manager's sharing feature.

If you don't have a shared password manager:

Put your .env and .pem in a folder.
Zip it with a password:
```
zip -e secrets.zip .env key.pem
```
Send the secrets.zip file via email or chat.
Send the PASSWORD via a DIFFERENT channel (e.g., send file on Email, send password on Telegram/Signal).

For a small team, just have one person set up the server. If another developer needs access:

SSH Keys: Instead of sharing the .pem file, ask the developer for their Public SSH Key (id_rsa.pub).
Add their public key to the server's ~/.ssh/authorized_keys file.
Now they can SSH in using their own key, and you don't need to share the .pem file at all.

Local Machine: Keep them in a secure folder (e.g., ~/.ssh/ for keys).
Backup: Store a copy in your personal secure cloud storage (Google Drive/Dropbox) inside an encrypted zip or use a Password Manager.

Since you are using this repo for deployment:

Ensure .env is in your .gitignore.
Create a .env.example file in the repo.
- Include all the keys (e.g., DATABASE_URL=) but leave the values empty or put placeholders.
- This tells your team what variables they need to ask you for.