Free .gitignore Generator
Pick your stack and get a ready .gitignore · with the .env and secret-file rules that keep credentials out of your repository.
Frequently asked
Why does .gitignore matter for security?
Because committed secrets are forever: even after deletion, .env files and keys remain in git history. Ignoring them from day one is the cheapest security control you'll ever add.
I already committed my .env · does adding it to .gitignore fix that?
No. The file stays in history and the secrets are compromised · rotate every credential it contained, then remove it with git filter-repo and add the ignore rule so it can't happen again.
Run a full security scan →