From 10a52a268365bcc043b4a76fa4df8c6b7428fdd5 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Fri, 12 Jun 2026 20:11:41 +0000
Subject: [PATCH] gitignore: timestamped terraform.tfstate.*.backup (plaintext
 Tier-0 secrets) [ci skip]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Viktor's off-infra-builds wave 0 (infra#11): two untracked
terraform.tfstate.<ts>.backup files with live plaintext Tier-0 secrets
were sitting in stacks/infra/ unmatched by the existing *.tfstate.backup
patterns — one stray git add from the public repo. Pattern added;
the on-disk files are deleted separately.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.gitignore b/.gitignore
index 194db280..620d5a97 100755
--- a/.gitignore
+++ b/.gitignore
@@ -106,3 +106,7 @@ terraform.tfstate.backup
 
 # Per-feature git worktrees (worktree-first workflow — execution.md)
 .worktrees/
+
+# Timestamped terraform state backups (terraform.tfstate.<ts>.backup) — plaintext Tier-0
+# secrets; created by terraform state ops. The patterns above miss the timestamped form.
+terraform.tfstate.*.backup