infra/.gitignore

# Created by https://www.toptal.com/developers/gitignore/api/terraform
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform

### Terraform ###
# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.backup

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
#*.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

git_crypt.key

# SOPS — decrypted secrets (temporary, never commit)
/secrets.auto.tfvars.json
/secrets.auto.tfvars.json.*

# Claude Code - temporary/sensitive files
.claude/cmd_input.txt
.claude/cmd_output.txt
.claude/cmd_status.txt
.claude/settings.local.json
.claude/._*

._*

# Terragrunt
.terragrunt-cache/

# Terraform state — plaintext is ignored, encrypted is committed
state/stacks/*/terraform.tfstate
state/stacks/*/terraform.tfstate.backup
state/stacks/*/*.backup
state/backups/
state/terraform.tfstate
state/infra/
# Allow encrypted state
!state/stacks/*/terraform.tfstate.enc

# Terragrunt-generated files (providers, backend config)
backend.tf
providers.tf
.terraform.lock.hcl

# Kubernetes config (sensitive)
config

# Node.js (not part of infra)
node_modules/
package-lock.json
package.json

# Archived - secrets now in SOPS (secrets.auto.tfvars.json)
terraform.tfvars