Remove sensitive backup files and add backups/ to .gitignore

- Remove .github-pat backup file containing API tokens
- Remove thrillwiki-automation.env backup with secrets
- Add backups/ directory to .gitignore to prevent future commits
- Preparing for BFG repo cleaner to remove secrets from history

.gitignore

@@ -394,4 +394,4 @@ profiles
 # Environment files with potential secrets
 scripts/systemd/thrillwiki-automation***REMOVED***
 scripts/systemd/thrillwiki-deployment***REMOVED***
-scripts/systemd/****REMOVED***
+scripts/systemd/****REMOVED***backups/

backups/config/.github-pat.20250818_210101.backup

@@ -1 +0,0 @@
-[GITHUB-TOKEN-REMOVED]

backups/config/thrillwiki-automation.env.20250818_210101.backup

@@ -1,203 +0,0 @@
-# ThrillWiki Automation Service Environment Configuration
-# Copy this file to thrillwiki-automation***REMOVED*** and customize for your environment
-# 
-# Security Note: This file should have restricted permissions (600) as it may contain
-# sensitive information like GitHub Personal Access Tokens
-
-# [AWS-SECRET-REMOVED]====================================
-# PROJECT CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Base project directory (usually auto-detected)
-# PROJECT_DIR=/home/ubuntu/thrillwiki
-
-# Service name for systemd integration
-# SERVICE_NAME=thrillwiki
-
-# [AWS-SECRET-REMOVED]====================================
-# GITHUB REPOSITORY CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub repository remote name
-# GITHUB_REPO=origin
-
-# Branch to pull from
-# GITHUB_BRANCH=main
-
-# GitHub Personal Access Token (PAT) - Required for private repositories
-# Generate at: https://github.com/settings/tokens
-# Required permissions: repo (Full control of private repositories)
-# GITHUB_TOKEN=ghp_your_personal_access_token_here
-
-# GitHub token file location (alternative to GITHUB_TOKEN)
-# GITHUB_TOKEN_FILE=/home/ubuntu/thrillwiki/.github-pat
-
-# [AWS-SECRET-REMOVED]====================================
-# AUTOMATION TIMING CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Repository pull interval in seconds (default: 300 = 5 minutes)
-# PULL_INTERVAL=300
-
-# Health check interval in seconds (default: 60 = 1 minute)
-# HEALTH_CHECK_INTERVAL=60
-
-# Server startup timeout in seconds (default: 120 = 2 minutes)
-# STARTUP_TIMEOUT=120
-
-# Restart delay after failure in seconds (default: 10)
-# RESTART_DELAY=10
-
-# [AWS-SECRET-REMOVED]====================================
-# LOGGING CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Log directory (default: project_dir/logs)
-# LOG_DIR=/home/ubuntu/thrillwiki/logs
-
-# Log file path
-# LOG_[AWS-SECRET-REMOVED]proof-automation.log
-
-# Maximum log file size in bytes (default: 10485760 = 10MB)
-# MAX_LOG_SIZE=10485760
-
-# Lock file location to prevent multiple instances
-# LOCK_FILE=/tmp/thrillwiki-bulletproof.lock
-
-# [AWS-SECRET-REMOVED]====================================
-# DEVELOPMENT SERVER CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Server host address (default: 0.0.0.0 for all interfaces)
-# SERVER_HOST=0.0.0.0
-
-# Server port (default: 8000)
-# SERVER_PORT=8000
-
-# [AWS-SECRET-REMOVED]====================================
-# DJANGO CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# Django settings module
-# DJANGO_SETTINGS_MODULE=thrillwiki.settings
-
-# Python path
-# PYTHONPATH=/home/ubuntu/thrillwiki
-
-# [AWS-SECRET-REMOVED]====================================
-# ADVANCED CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub authentication script location
-# GITHUB_AUTH_[AWS-SECRET-REMOVED]ithub-auth.py
-
-# Enable verbose logging (true/false)
-# VERBOSE_LOGGING=false
-
-# Enable debug mode for troubleshooting (true/false)
-# DEBUG_MODE=false
-
-# Custom git remote URL (overrides GITHUB_REPO if set)
-# CUSTOM_GIT_REMOTE=https://github.com/username/repository.git
-
-# Email notifications for critical failures (requires email configuration)
-# NOTIFICATION_EMAIL=admin@example.com
-
-# Maximum consecutive failures before alerting (default: 5)
-# MAX_CONSECUTIVE_FAILURES=5
-
-# Enable automatic dependency updates (true/false, default: true)
-# AUTO_UPDATE_DEPENDENCIES=true
-
-# Enable automatic migrations on code changes (true/false, default: true)
-# AUTO_MIGRATE=true
-
-# Enable automatic static file collection (true/false, default: true)
-# AUTO_COLLECTSTATIC=true
-
-# [AWS-SECRET-REMOVED]====================================
-# SECURITY CONFIGURATION
-# [AWS-SECRET-REMOVED]====================================
-
-# GitHub authentication method (token|ssh|https)
-# Default: token (uses GITHUB_TOKEN or GITHUB_TOKEN_FILE)
-# GITHUB_AUTH_METHOD=token
-
-# SSH key path for git operations (when using ssh auth method)
-# SSH_KEY_PATH=/home/ubuntu/.ssh/***REMOVED***
-
-# Git user configuration for commits
-# GIT_USER_NAME="ThrillWiki Automation"
-# GIT_USER_EMAIL="automation@thrillwiki.local"
-
-# [AWS-SECRET-REMOVED]====================================
-# MONITORING AND HEALTH CHECKS
-# [AWS-SECRET-REMOVED]====================================
-
-# Health check URL to verify server is running
-# HEALTH_CHECK_URL=http://localhost:8000/health/
-
-# Health check timeout in seconds
-# HEALTH_CHECK_TIMEOUT=30
-
-# Enable system resource monitoring (true/false)
-# MONITOR_RESOURCES=true
-
-# Memory usage threshold for warnings (in MB)
-# MEMORY_WARNING_THRESHOLD=1024
-
-# CPU usage threshold for warnings (percentage)
-# CPU_WARNING_THRESHOLD=80
-
-# Disk usage threshold for warnings (percentage)
-# DISK_WARNING_THRESHOLD=90
-
-# [AWS-SECRET-REMOVED]====================================
-# INTEGRATION SETTINGS
-# [AWS-SECRET-REMOVED]====================================
-
-# Webhook integration (if using thrillwiki-webhook service)
-# WEBHOOK_INTEGRATION=true
-
-# Slack webhook URL for notifications (optional)
-# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook/url
-
-# Discord webhook URL for notifications (optional)
-# DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/your/webhook/url
-
-# [AWS-SECRET-REMOVED]====================================
-# USAGE EXAMPLES
-# [AWS-SECRET-REMOVED]====================================
-
-# Example 1: Basic setup with GitHub PAT
-# GITHUB_TOKEN=ghp_your_token_here
-# PULL_INTERVAL=300
-# AUTO_MIGRATE=true
-
-# Example 2: Enhanced monitoring setup
-# HEALTH_CHECK_INTERVAL=30
-# MONITOR_RESOURCES=true
-# NOTIFICATION_EMAIL=admin@thrillwiki.com
-# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your/webhook
-
-# Example 3: Development environment with frequent pulls
-# PULL_INTERVAL=60
-# DEBUG_MODE=true
-# VERBOSE_LOGGING=true
-# AUTO_UPDATE_DEPENDENCIES=true
-
-# [AWS-SECRET-REMOVED]====================================
-# INSTALLATION NOTES
-# [AWS-SECRET-REMOVED]====================================
-
-# 1. Copy this file: cp thrillwiki-automation***REMOVED***.example thrillwiki-automation***REMOVED***
-# 2. Set secure permissions: chmod 600 thrillwiki-automation***REMOVED***
-# 3. Customize the settings above for your environment
-# 4. Enable the service: sudo systemctl enable thrillwiki-automation
-# 5. Start the service: sudo systemctl start thrillwiki-automation
-# 6. Check status: sudo systemctl status thrillwiki-automation
-# 7. View logs: sudo journalctl -u thrillwiki-automation -f
-
-# For security, ensure only the ubuntu user can read this file:
-# sudo chown ubuntu:ubuntu thrillwiki-automation***REMOVED***
-# sudo chmod 600 thrillwiki-automation***REMOVED***

secrets.txt

@@ -0,0 +1,131 @@
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***.*
+***REMOVED***ironment
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+google-***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+***REMOVED***
+
+***REMOVED***
+***REMOVED***
+regex:ghp_[a-zA-Z0-9]{36}==>[GITHUB-TOKEN-REMOVED]
+regex:gho_[a-zA-Z0-9]{36}==>[GITHUB-TOKEN-REMOVED]
+regex:ghu_[a-zA-Z0-9]{36}==>[GITHUB-TOKEN-REMOVED]
+regex:ghs_[a-zA-Z0-9]{36}==>[GITHUB-TOKEN-REMOVED]
+regex:ghr_[a-zA-Z0-9]{36}==>[GITHUB-TOKEN-REMOVED]
+
+***REMOVED***
+regex:github_pat_[a-zA-Z0-9_]{82}==>[GITHUB-PAT-REMOVED]
+
+***REMOVED***
+regex:AKIA[0-9A-Z]{16}==>[AWS-ACCESS-KEY-REMOVED]
+regex:ASIA[0-9A-Z]{16}==>[AWS-SESSION-KEY-REMOVED]
+
+***REMOVED***
+regex:[A-Za-z0-9/+=]{40}==>[AWS-SECRET-REMOVED]
+
+***REMOVED***
+regex:AIza[0-9A-Za-z_-]{35}==>[GOOGLE-API-KEY-REMOVED]
+
+***REMOVED***
+regex:sk_live_[a-zA-Z0-9]{24}==>[STRIPE-SECRET-REMOVED]
+regex:pk_live_[a-zA-Z0-9]{24}==>[STRIPE-PUBLIC-REMOVED]
+regex:sk_test_[a-zA-Z0-9]{24}==>[STRIPE-TEST-SECRET-REMOVED]
+
+***REMOVED***
+regex:eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+==>[JWT-TOKEN-REMOVED]
+
+***REMOVED***
+regex:api_key["\s]*[:=]["\s]*[a-zA-Z0-9_-]{20,}==>[API-KEY-REMOVED]
+regex:apikey["\s]*[:=]["\s]*[a-zA-Z0-9_-]{20,}==>[API-KEY-REMOVED]
+regex:secret["\s]*[:=]["\s]*[a-zA-Z0-9_-]{20,}==>[SECRET-REMOVED]
+regex:password["\s]*[:=]["\s]*[a-zA-Z0-9_-]{8,}==>[PASSWORD-REMOVED]
+
+***REMOVED***
+regex:[DATABASE-URL-REMOVED]?\s]+==>[DATABASE-URL-REMOVED]
+regex:[DATABASE-URL-REMOVED]?\s]+==>[DATABASE-URL-REMOVED]
+regex:[DATABASE-URL-REMOVED]?\s]+==>[DATABASE-URL-REMOVED]
+
+***REMOVED***
+literal:[PRIVATE-KEY-REMOVED]==>[PRIVATE-KEY-REMOVED]
+literal:[RSA-PRIVATE-KEY-REMOVED]==>[RSA-PRIVATE-KEY-REMOVED]
+literal:[DSA-PRIVATE-KEY-REMOVED]==>[DSA-PRIVATE-KEY-REMOVED]
+literal:[EC-PRIVATE-KEY-REMOVED]==>[EC-PRIVATE-KEY-REMOVED]
+literal:[OPENSSH-PRIVATE-KEY-REMOVED]==>[OPENSSH-PRIVATE-KEY-REMOVED]
+
+***REMOVED***
+regex:xoxb-[0-9]{11}-[0-9]{11}-[a-zA-Z0-9]{24}==>[SLACK-BOT-TOKEN-REMOVED]
+regex:xoxp-[0-9]{11}-[0-9]{11}-[0-9]{11}-[a-fA-F0-9]{32}==>[SLACK-USER-TOKEN-REMOVED]
+
+***REMOVED***
+regex:[a-zA-Z0-9_-]{23,28}\.[a-zA-Z0-9_-]{6,7}\.[a-zA-Z0-9_-]{27}==>[DISCORD-TOKEN-REMOVED]
+
+***REMOVED***
+regex:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}==>[HEROKU-API-KEY-REMOVED]
+
+***REMOVED***
+regex:[1-9][0-9]+-[0-9a-zA-Z]{40}==>[TWITTER-ACCESS-TOKEN-REMOVED]
+
+***REMOVED***
+regex:EAA[0-9A-Za-z]{100,}==>[FACEBOOK-TOKEN-REMOVED]
+
+***REMOVED***
+regex:AC[a-fA-F0-9]{32}==>[TWILIO-SID-REMOVED]
+
+***REMOVED***
+regex:SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}==>[SENDGRID-API-KEY-REMOVED]
+
+***REMOVED***
+regex:key-[0-9a-fA-F]{32}==>[MAILGUN-API-KEY-REMOVED]
+
+***REMOVED***
+regex:A[a-zA-Z0-9_-]{80}==>[PAYPAL-CLIENT-ID-REMOVED]