~/VibeHandbook
$39
Read the BookReferencePhilosophyGet the PDFFAQ

Chapter 01 · 08

.gitignore and never committing secrets

Some files should never go into Git. The big ones:

  • Secrets — API keys, passwords, database credentials. If you commit a secret to GitHub, treat it as leaked, even if you delete it later. The history remembers.
  • Junk — temporary files, downloaded dependencies (like node_modules), build output. Huge and pointless to track.

You control this with a file called .gitignore. You list patterns in it, and Git pretends those files don't exist. This is critical for vibe coders, because AI tools love to create config files with real keys in them, and it's easy to commit one by accident.

# A simple .gitignore file
.env
node_modules/
*.log

The .env line is the important one — that's where secrets usually live. Add .gitignore before your first commit, and make a habit of asking the AI: "is there anything in this commit that shouldn't be public?"

Want it offline?

Get the PDF + EPUB + downloadable prompt library + version updates.

$ Get the PDF — $39