From a729c671d1bd3c0cd5599ee53eb86d6a90f5d8f7 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Sat, 17 Jan 2026 11:24:16 +0200
Subject: Add security policy to AGENTS.md

Never commit secrets (SSH keys, tokens, passwords) to git.
Deploy them as Kubernetes Secrets and rotate if exposed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 f3s/AGENTS.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/f3s/AGENTS.md b/f3s/AGENTS.md
index 5637ce3..e6c51bb 100644
--- a/f3s/AGENTS.md
+++ b/f3s/AGENTS.md
@@ -1 +1,7 @@
 Follow file:///home/paul/Notes/snippets/f3s/f3s.md
+
+## Security Policy
+
+- **Never commit secrets to git.** This includes SSH private keys, API tokens, passwords, and any other sensitive credentials.
+- Secrets must be deployed as Kubernetes Secrets directly via `kubectl create secret` or through a secrets management solution.
+- If a secret is accidentally committed, it must be rotated immediately and pruned from git history using `git-filter-repo`.
-- 
cgit v1.2.3