chore(security): protect sensitive files and local environment #123

Merged: omatheusmesmo merged 2 commits into omatheusmesmo:main from Hlib-Rachkovskyy:fix/security-gitignore-files on Apr 17, 2026

Hlib-Rachkovskyy (Contributor) commented Apr 17, 2026

Description

Security: Updated root and backend .gitignore files to protect sensitive artifacts (.env and certs/).

Changes

  • Secured the repository against accidental commits of private RSA keys and local environment variables.

Verification

  • Confirmed that certs/ and .env are correctly ignored by Git.

Summary by CodeRabbit

  • Chores
    • Updated environment variable and sensitive configuration file exclusion patterns.

coderabbitai Bot (Contributor) commented Apr 17, 2026

Warning

Rate limit exceeded

@Hlib-Rachkovskyy has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 24 minutes and 59 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 71f3a258-fd40-43a0-a592-42d0ae8d9bbd

📥 Commits

Reviewing files that changed from the base of the PR and between 9350d40 and e798c5c.

📒 Files selected for processing (1)
  • .gitignore
📝 Walkthrough

Walkthrough

Two .gitignore files were updated: one to exclude .env files from version control, and another to change the certificate ignore path from src/main/resources/certs/ to certs/ in the backend directory.

Changes

Cohort / File(s) | Summary
Configuration: .gitignore, backend/.gitignore | Updated ignore patterns: added .env file exclusion to root .gitignore, and modified backend certificate path from src/main/resources/certs/ to certs/ for JWT RSA keys.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A rabbit hops through git with care,
Secrets hidden, environment spare,
.env files tucked away so tight,
Certs moved to root, nested just right,
No traces left for prying eyes—keeping safety in our sights! 🤫

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: protecting sensitive files and local environment variables by updating .gitignore entries.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

github-actions Bot (Contributor) left a comment

🤖🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer from the team will review it as soon as possible. We appreciate your support in making this project better!

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
.gitignore (1)

6-6: Consider using **/.env for comprehensive coverage.

The current pattern .env only ignores .env files at the repository root. Using **/.env would protect against .env files in any subdirectory.

🔒 Proposed enhancement for nested .env protection
-.env
+**/.env
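Review bot: the added `**/.env` matches exactly the same paths as the removed `.env`, so this hunk does not widen coverage. A gitignore pattern that contains no slash is already matched at every directory level below the .gitignore that holds it, and a leading `**/` only spells that out. Keeping the plain `.env` line is enough and reads more simply.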
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.gitignore at line 6, Update the .gitignore entry that currently lists
`.env` so it ignores .env files in any folder (not just the repo root); replace
or add the pattern `**/.env` to ensure nested .env files are ignored across all
subdirectories.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.gitignore:
- Line 6: Add a trailing newline to the end of the .gitignore file so the final
line (" .env") is terminated with a newline character; simply edit the file
containing the ".env" entry and ensure there is a blank line (newline) after
that line before saving.
- Line 6: Add the top-level certs/ pattern to the root .gitignore to prevent
committing RSA keys placed at the repository root; update the root .gitignore to
include "certs/" (matching how backend/.gitignore already ignores it) so files
referenced by application.properties (file:./certs/private_key.pem) and the
Dockerfile COPY from certs/ are protected from accidental commits.

---

Nitpick comments:
In @.gitignore:
- Line 6: Update the .gitignore entry that currently lists `.env` so it ignores
.env files in any folder (not just the repo root); replace or add the pattern
`**/.env` to ensure nested .env files are ignored across all subdirectories.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d73df53b-918c-48c1-b065-ef024960a47f

📥 Commits

Reviewing files that changed from the base of the PR and between 0e0b303 and 9350d40.

📒 Files selected for processing (2)
  • .gitignore
  • backend/.gitignore
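
How the two ignore rules from the walkthrough behave in practice, as an added example that is not part of the PR or the project's code. The throwaway repository, the `frontend/` directory and the function names are constructed; `certs/private_key.pem` is the path quoted in the review above.

```shell
#!/bin/sh
# Added example. The throwaway repo, the frontend/ directory and the function
# names are constructed; the ignore rules are the ones the walkthrough describes.

build_repo() {
  d=$(mktemp -d) || return 1
  git -C "$d" init -q
  mkdir -p "$d/backend/certs" "$d/certs" "$d/frontend"
  : > "$d/.env"; : > "$d/frontend/.env"; : > "$d/backend/.env"
  : > "$d/backend/certs/private_key.pem"
  : > "$d/certs/private_key.pem"
  # Simulate a secret that was staged before the ignore rule existed.
  git -C "$d" add -f backend/.env
  printf '.env\n'   > "$d/.gitignore"           # root rule
  printf 'certs/\n' > "$d/backend/.gitignore"   # backend rule
  printf '%s\n' "$d"
}

# Prints "ignored" or "exposed" for an untracked path relative to the repo root.
ignore_status() {
  if git -C "$1" check-ignore -q -- "$2"; then echo ignored; else echo exposed; fi
}

# Lists files that stay tracked although an ignore rule now matches them.
tracked_but_ignored() {
  git -C "$1" ls-files -ci --exclude-standard
}

repo=$(build_repo)
for p in .env frontend/.env backend/certs/private_key.pem certs/private_key.pem; do
  printf '%-32s %s\n' "$p" "$(ignore_status "$repo" "$p")"
done
echo "tracked despite ignore rule: $(tracked_but_ignored "$repo")"
rm -rf "$repo"
```

A file reported by `tracked_but_ignored` is still in the index, so it needs `git rm --cached`, and a key or credential that was ever committed should be rotated because the ignore rule does not remove it from history.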

Comment thread .gitignore Outdated
omatheusmesmo self-requested a review April 17, 2026 13:13
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
omatheusmesmo (Owner) left a comment

omatheusmesmo merged commit 9e36339 into omatheusmesmo:main Apr 17, 2026
4 checks passed
Hlib-Rachkovskyy deleted the fix/security-gitignore-files branch April 20, 2026 06:51