If you discover a security issue, please contact me privately rather than opening a public issue.

• This repository uses age encryption for sensitive files
• Private keys are stored locally and never committed
• Encrypted files have .age extension

• Never commit unencrypted secrets or API keys
• Use .chezmoiignore for files that shouldn't be synced
• Keep age identity files backed up separately
• Review diffs before applying changes with chezmoi diff