---
date: 2026-03-28
title: "Remove .env from tracking — report"
---

Summary
-------

I removed `.env` from the repository index and added it to `.gitignore` to prevent accidental future commits. This was a non-destructive, forward-facing change — the repository history still contains prior commits that touched `.env`.

What I ran
-----------

- git rm --cached .env
- ensured `.gitignore` contains `.env`
- committed the change: chore(secrets): stop tracking .env and add to .gitignore

Commits that referenced .env
----------------------------

These commits touched `.env` in the repository history (from git log --all -- .env):

- 35f4667 2026-03-28 Sven Geboers chore(secrets): stop tracking .env and add to .gitignore
- 3551a82 2026-03-21 Sven Geboers feat(analysis): add 2D political compass and 2D trajectories

Notes
-----

- The `.env` file was removed from the index but remains in historical commits. If you need to remove it from history, we can perform a history rewrite (git-filter-repo or BFG) and force-push; this is destructive and requires coordination.
- I created a CI guard to fail builds if a `.env` file is present in the repository root (see .github/workflows/forbid-env.yml). This prevents accidental re-adding via pushes/PRs.

Next steps (recommended)
------------------------

1. Rotate secrets that might have been in `.env` (see the secrets-rotation checklist next). This is mandatory if those keys were used anywhere publicly or in shared CI.
2. If you require history purge, reply confirming and I'll prepare a filter-repo run and the exact force-push sequence.