# Only allow SOPS-encrypted files in version control
# Block all plaintext/temp secret files

# Allow only .sops.yaml files
*.yaml
!*.sops.yaml

# Block temporary files
*_temp.yaml
*_plaintext.yaml
*-temp.yaml
*.tmp
*.backup