Some checks failed
secret-scan / scan (push) Has been cancelled
The project begins with architecture, data governance, reproducible evaluation, deployment boundaries, and secret-handling contracts so later code has measurable acceptance criteria. Constraint: Real provider credentials, workspace identities, and restricted geological data must never enter Git Rejected: Add placeholder runnable services in the design commit | would imply unverified implementation readiness Confidence: high Scope-risk: narrow Reversibility: clean Directive: Run make verify before every commit and update ADRs when architecture boundaries change Tested: Secret scan, Markdown links, YAML parse, shell syntax, and staged diff validation Not-tested: Application runtime is intentionally deferred to the implementation stage
16 lines
994 B
Markdown
16 lines
994 B
Markdown
# 安全策略
|
|
|
|
## 凭证管理
|
|
|
|
仓库不接受任何真实 API Key、数据库密码、Cookie、访问令牌、私钥或内部服务凭证。开发环境使用未提交的 `secrets/` 文件;部署环境优先使用 Docker Secret 或云密钥管理服务。`.env.example` 只能保留空值或明显占位符。
|
|
|
|
如果凭证被公开,应立即在上游平台禁用、重置或删除。不要继续使用“只在私人仓库出现过”的密钥,也不要把 Git 历史清理当作密钥轮换的替代品。
|
|
|
|
## 地质资料安全
|
|
|
|
只允许导入已确认公开或取得书面授权的资料。涉密等级、版权许可、精确坐标或商业秘密状态不明确时,默认拒绝入库。发送到云端模型的文本会离开本机边界,因此受限资料不得使用云模型处理。
|
|
|
|
## 报告问题
|
|
|
|
发现泄漏时不要在公开 Issue 中粘贴凭证或原文。请只记录受影响资源、时间范围和脱敏后的证据,并立即执行轮换与访问审计。
|