20 lines
861 B
Plaintext
20 lines
861 B
Plaintext
# Backend Engineer — secrets allowlist
|
|
# Copy to .env (gitignored) and fill in real values. Platform encrypts on import.
|
|
# See ../SECRETS_MATRIX.md for the rationale of this scope.
|
|
#
|
|
# Engineers raise PRs and respond to review comments. Engineers do NOT merge
|
|
# (per SHARED_RULES.md rule 9 — Lead merges in their domain).
|
|
# The GH_TOKEN scope here should be PR-author only — sufficient for
|
|
# `gh pr create`, `gh issue create`, `gh pr comment`, but NOT `gh pr merge`.
|
|
|
|
# --- LLM ---
|
|
CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
|
|
|
|
# --- GitHub (PR-author scope only — see SECRETS_MATRIX.md) ---
|
|
# Generate a fine-grained PAT with scope limited to:
|
|
# - Pull requests: Read + Write (for create/comment, NOT merge)
|
|
# - Issues: Read + Write (for create/comment)
|
|
# - Contents: Read (for git clone)
|
|
# DO NOT grant Workflows or Administration scopes.
|
|
GH_TOKEN=
|