GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

37 lines
1.3 KiB

---
description: Aturan keamanan wajib — credential, SSH, secret management
globs: ["**/*"]
alwaysApply: true
---
# Security Rules
## Larangan Mutlak
- ❌ JANGAN commit file `.env` ke repository
- ❌ JANGAN commit password, API key, token, atau private key
- ❌ JANGAN tampilkan nilai secret di output, log, atau response API
- ❌ JANGAN hardcode credential di code PHP atau PowerShell
- ❌ JANGAN overwrite `.env` di server saat deploy — `.env` berisi credentials production
## Lokasi Secret yang Benar
| Secret | Lokasi |
|--------|--------|
| App credentials | `/opt/stacks/geonet-console/.env` di server 10.100.1.24 |
| LDAP bind password | `.env` server (tidak di repo) |
| QNAP OSS secret key | `.env` server (tidak di repo) |
| SSH private key | `~/.ssh/` di laptop developer |
| MikroTik RSA key | `~/.ssh/id_rsa_mikrotik` |
## SSH Rules
- SSH commands ke server **wajib minta persetujuan user** sebelum dijalankan
- Jangan auto-run SSH command yang bersifat destructive
- SSH key: `id_ed25519` untuk server Linux, `id_rsa_mikrotik` untuk MikroTik
## Untuk AI Agent
- Jika diminta buat credential baru → catat lokasi penyimpanan di `docs/environment.md` (bukan nilainya)
- Jika ditemukan token di code → laporkan ke user, jangan commit
- Jika perlu generate APP_KEY → instruksikan user run `php artisan key:generate` di server