# Decrypted helm values — never commit plaintext secrets
helm/*.yaml
!helm/*.sops.yaml
!helm/*.yaml.template
!helm/openbao-values.yaml
# Kubernetes manifests (no secrets) are safe to commit
!helm/*-cluster.yaml
!helm/*-networkpolicies.yaml
!helm/*-databases.yaml

# Kubeconfig
*.kubeconfig
