Public-safe content policy

This policy defines what is allowed in public docs.

Never publish

  • Private keys, seed phrases, keystore data

  • JWT/API secrets or encryption keys

  • Database credentials

  • Internal-only hostnames/IPs

  • Local absolute machine paths

  • Unredacted production incident data with sensitive metadata

Always sanitize

  • Replace secrets with <REDACTED>

  • Replace absolute local paths with <repo-root>/...

  • Replace internal endpoints with <internal-endpoint>

Security review

Every docs PR must pass redaction review before merge.
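The sanitize rules above can be applied mechanically before a PR reaches redaction review. The sketch below is an added example, not part of this policy or its tooling: the rule names, regex patterns, internal hostname suffixes (`.internal`, `.corp`, `.local`) and the sample text are all assumptions constructed for illustration.

```python
import re

# Rules follow the policy's "Always sanitize" list. The patterns themselves are
# assumptions for illustration; tune them to the repository's real secret formats.
RULES = [
    ("private-key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.DOTALL), "<REDACTED>"),
    # NAME=value style secrets; the lookahead skips values already redacted.
    ("named-secret", re.compile(
        r"(?i)((?:jwt|api)[_-]?(?:secret|key|token)|password)(\s*[:=]\s*)(?!<REDACTED>)\S+"),
        r"\1\2<REDACTED>"),
    # user:password embedded in a connection URL (database credentials).
    ("url-credentials", re.compile(r"(\w+://)[^/\s:@]+:[^@\s]+@"), r"\1<REDACTED>@"),
    ("local-path", re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)[^\s,;)]+"),
        "<repo-root>/..."),
    # RFC 1918 private address ranges, with an optional port.
    ("internal-ip", re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}(?::\d+)?\b"),
        "<internal-endpoint>"),
    ("internal-host", re.compile(r"\b[\w.-]+\.(?:internal|corp|local)(?::\d+)?\b"),
        "<internal-endpoint>"),
]

def sanitize(text):
    """Return (sanitized_text, {rule_name: hit_count}) for one document."""
    findings = {}
    for name, pattern, replacement in RULES:
        text, hits = pattern.subn(replacement, text)
        if hits:
            findings[name] = hits
    return text, findings

def passes_redaction_review(text):
    """True when no rule fires, i.e. the text is already in public-safe form."""
    return not sanitize(text)[1]

# Constructed sample input; none of these values are real.
SAMPLE = """\
export API_SECRET=sk_live_constructed123
DATABASE_URL=postgres://app:s3cr3t@db01.corp:5432/orders
Run /home/alice/src/app/scripts/build.sh, then curl http://10.20.30.40:8080/health
"""

if __name__ == "__main__":
    cleaned, found = sanitize(SAMPLE)
    print(cleaned, found, passes_redaction_review(cleaned), sep="\n")
```

A pattern check like this only catches known shapes; it supports the human redaction review and does not replace it.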

Last updated