
# Example Presets

Pre-configured presets available in the `/guardrails:settings` Examples tab. These can be applied to any config scope (global, local, or memory).

Source: `src/commands/settings-command.ts`

## File Policy Presets

### Secrets (.env)

Block dotenv-like files using glob patterns.

| Field | Value |
|---|---|
| ID | `example-secret-env-files` |
| Protection | `noAccess` |
| Patterns | `.env`, `.env.*` |
| Exceptions | `.env.example`, `*.sample.env` |

### Logs (*.log)

Mark log files as read-only to prevent accidental modification.

| Field | Value |
|---|---|
| ID | `example-log-files` |
| Protection | `readOnly` |
| Patterns | `*.log`, `*.out` |

### Regex env

Regex-based matching for `.env` and `.env.*` files. Demonstrates regex mode.

| Field | Value |
|---|---|
| ID | `example-regex-env` |
| Protection | `noAccess` |
| Patterns | `^\.env(\..+)?$` (regex) |
| Exceptions | `^\.env\.example$` (regex) |

### SSH keys

Block access to SSH private key files.

| Field | Value |
|---|---|
| ID | `example-ssh-keys` |
| Protection | `noAccess` |
| Patterns | `*.pem`, `*_rsa`, `*_ed25519` |
| Exceptions | `*.pub` |

### AWS credentials

Block AWS CLI credentials and config files.

| Field | Value |
|---|---|
| ID | `example-aws-credentials` |
| Protection | `noAccess` |
| Patterns | `.aws/credentials`, `.aws/config` |

### Database files

Mark SQLite and database files as read-only.

| Field | Value |
|---|---|
| ID | `example-database-files` |
| Protection | `readOnly` |
| Patterns | `*.db`, `*.sqlite`, `*.sqlite3` |

### Kubernetes secrets

Block kubeconfig and Kubernetes secret files.

| Field | Value |
|---|---|
| ID | `example-k8s-secrets` |
| Protection | `noAccess` |
| Patterns | `.kube/config`, `*kubeconfig*` |

### Certificates

Block SSL/TLS certificate and key files.

| Field | Value |
|---|---|
| ID | `example-certificates` |
| Protection | `noAccess` |
| Patterns | `*.crt`, `*.key`, `*.p12` |
| Exceptions | `*.csr` |
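The following TypeScript is an added example that shows how the file policy presets above can be evaluated against a path: exceptions are tested before patterns (so `.env.example` never trips the `.env.*` rule), the `*.pub` exception exempts public halves of key pairs, and when several presets match, the stronger protection wins. It is not the guardrails project's own matcher; the glob semantics (a pattern without `/` is matched against the file name, a pattern with `/` against a path suffix, `*` never crossing `/`), the choice to test regex patterns against the file name, and the `noAccess` > `readOnly` ranking are assumptions made for this example.

```typescript
// Illustrative evaluator for the file policy presets listed above.
// ASSUMPTION: this is an added example, not the guardrails project's own
// matcher. Glob semantics (file-name match for patterns without `/`, path-suffix
// match for patterns with `/`, `*` never crossing `/`), regex patterns tested
// against the file name, and "strongest protection wins" are all assumptions.

type Protection = "noAccess" | "readOnly";
type MatchMode = "glob" | "regex";

interface FilePolicy {
  id: string;
  protection: Protection;
  mode?: MatchMode; // defaults to glob
  patterns: string[];
  exceptions?: string[];
}

// Presets transcribed from the tables on this page.
const FILE_POLICY_PRESETS: FilePolicy[] = [
  { id: "example-secret-env-files", protection: "noAccess",
    patterns: [".env", ".env.*"], exceptions: [".env.example", "*.sample.env"] },
  { id: "example-log-files", protection: "readOnly", patterns: ["*.log", "*.out"] },
  { id: "example-regex-env", protection: "noAccess", mode: "regex",
    patterns: ["^\\.env(\\..+)?$"], exceptions: ["^\\.env\\.example$"] },
  { id: "example-ssh-keys", protection: "noAccess",
    patterns: ["*.pem", "*_rsa", "*_ed25519"], exceptions: ["*.pub"] },
  { id: "example-aws-credentials", protection: "noAccess",
    patterns: [".aws/credentials", ".aws/config"] },
  { id: "example-database-files", protection: "readOnly",
    patterns: ["*.db", "*.sqlite", "*.sqlite3"] },
  { id: "example-k8s-secrets", protection: "noAccess",
    patterns: [".kube/config", "*kubeconfig*"] },
  { id: "example-certificates", protection: "noAccess",
    patterns: ["*.crt", "*.key", "*.p12"], exceptions: ["*.csr"] },
];

// Convert a glob into an anchored RegExp; `*` and `?` never cross a `/`.
function globToRegExp(glob: string): RegExp {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const ch = glob[i];
    if (ch === "*") re += "[^/]*";
    else if (ch === "?") re += "[^/]";
    else re += ch.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp("^" + re + "$");
}

function matchesPattern(pattern: string, mode: MatchMode, path: string): boolean {
  const normalized = path.replace(/\\/g, "/");
  const base = normalized.slice(normalized.lastIndexOf("/") + 1);
  if (mode === "regex") return new RegExp(pattern).test(base);
  if (!pattern.includes("/")) return globToRegExp(pattern).test(base);
  // Pattern carries a directory component: match it as a path suffix so that
  // `.aws/credentials` also catches `/home/me/.aws/credentials`.
  const re = globToRegExp(pattern);
  const parts = normalized.split("/");
  for (let i = 0; i < parts.length; i++) {
    if (re.test(parts.slice(i).join("/"))) return true;
  }
  return false;
}

const RANK: Record<Protection, number> = { readOnly: 1, noAccess: 2 };

interface Decision { protection: Protection | "none"; matchedBy: string[] }

// Exceptions are tested before patterns, so an allow-listed name such as
// `.env.example` never trips the rule; across presets the strongest wins.
function evaluateFilePolicy(path: string, policies: FilePolicy[] = FILE_POLICY_PRESETS): Decision {
  let best: Protection | "none" = "none";
  const matchedBy: string[] = [];
  for (const p of policies) {
    const mode: MatchMode = p.mode ?? "glob";
    if ((p.exceptions ?? []).some((e) => matchesPattern(e, mode, path))) continue;
    if (!p.patterns.some((pat) => matchesPattern(pat, mode, path))) continue;
    matchedBy.push(p.id);
    if (best === "none" || RANK[p.protection] > RANK[best]) best = p.protection;
  }
  return { protection: best, matchedBy };
}

// Constructed sample paths; run with `npx tsx file-policy.ts` (assumed file name).
for (const sample of [".env.local", ".env.example", "keys/id_rsa", "keys/id_rsa.pub",
                      "/home/me/.aws/credentials", "logs/app.log", "README.md"]) {
  console.log(sample, "=>", evaluateFilePolicy(sample));
}
```

Note that `.env.local` is flagged by both the glob preset and the regex preset, which is harmless because both resolve to `noAccess`; when a `readOnly` and a `noAccess` preset both match, the evaluator reports `noAccess` and lists every preset that fired, which is the information you want in an audit log.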

## Dangerous Command Presets

### General

| Label | Pattern | Description |
|---|---|---|
| Homebrew | `brew` | Homebrew package manager |
| git push --force | `git push --force` | Git force push |
| npm publish | `npm publish` | NPM package publishing |
| yarn publish | `yarn publish` | Yarn package publishing |
| pnpm publish | `pnpm publish` | PNPM package publishing |
| drop database | `DROP DATABASE` | SQL database drop |
| drop table | `DROP TABLE` | SQL table drop |

### dbt

| Label | Pattern | Description |
|---|---|---|
| dbt run | `dbt run` | dbt model execution |
| dbt seed | `dbt seed` | dbt seed data loading |

### AWS

| Label | Pattern | Description |
|---|---|---|
| aws s3 rm | `aws s3 rm` | AWS S3 object deletion |
| aws iam | `aws iam` | AWS IAM permission changes |
| aws ec2 terminate | `aws ec2 terminate-instances` | AWS EC2 instance termination |

### Kubernetes

| Label | Pattern | Description |
|---|---|---|
| kubectl delete | `kubectl delete` | Kubernetes resource deletion |
| kubectl apply | `kubectl apply` | Kubernetes resource application |
| kubectl scale | `kubectl scale` | Kubernetes scaling operation |

### Docker

| Label | Pattern | Description |
|---|---|---|
| Docker secrets | `docker inspect` | Docker inspect (may expose env vars) |
| docker rm | `docker rm` | Docker container removal |
| docker rmi | `docker rmi` | Docker image removal |
| docker system prune | `docker system prune` | Docker system cleanup |
| docker compose down | `docker compose down` | Docker Compose service teardown |

### Terraform

| Label | Pattern | Description |
|---|---|---|
| Terraform apply | `terraform apply` | Terraform infrastructure changes |
| Terraform destroy | `terraform destroy` | Terraform infrastructure destruction |
| terraform import | `terraform import` | Terraform resource import |

### Google Cloud

| Label | Pattern | Description |
|---|---|---|
| gcloud compute delete | `gcloud compute instances delete` | GCP compute instance deletion |
| gcloud iam | `gcloud iam` | GCP IAM permission changes |
| gcloud sql delete | `gcloud sql instances delete` | GCP Cloud SQL instance deletion |
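The following TypeScript is an added example, not the guardrails project's own matcher, showing one way the dangerous command presets above can be applied to a command line. It assumes that a preset pattern is a sequence of whole words that must appear consecutively in a single simple command, that comparison is case-insensitive (so `drop database` is caught as well as `DROP DATABASE`), and that a command line is split on shell control operators before matching so a dangerous command chained after a harmless one is still inspected. Whole-word matching keeps `brew` from firing on unrelated words such as `brewing`.

```typescript
// Illustrative matcher for the dangerous command presets listed above.
// ASSUMPTION: this is an added example, not the guardrails project's own
// matcher. It treats a preset pattern as a sequence of whole words that must
// appear consecutively in one simple command, compared case-insensitively.

interface CommandPreset { label: string; pattern: string; description: string }

// Presets transcribed from the tables on this page.
const COMMAND_PRESETS: CommandPreset[] = [
  { label: "Homebrew", pattern: "brew", description: "Homebrew package manager" },
  { label: "git push --force", pattern: "git push --force", description: "Git force push" },
  { label: "npm publish", pattern: "npm publish", description: "NPM package publishing" },
  { label: "yarn publish", pattern: "yarn publish", description: "Yarn package publishing" },
  { label: "pnpm publish", pattern: "pnpm publish", description: "PNPM package publishing" },
  { label: "drop database", pattern: "DROP DATABASE", description: "SQL database drop" },
  { label: "drop table", pattern: "DROP TABLE", description: "SQL table drop" },
  { label: "dbt run", pattern: "dbt run", description: "dbt model execution" },
  { label: "dbt seed", pattern: "dbt seed", description: "dbt seed data loading" },
  { label: "aws s3 rm", pattern: "aws s3 rm", description: "AWS S3 object deletion" },
  { label: "aws iam", pattern: "aws iam", description: "AWS IAM permission changes" },
  { label: "aws ec2 terminate", pattern: "aws ec2 terminate-instances", description: "AWS EC2 instance termination" },
  { label: "kubectl delete", pattern: "kubectl delete", description: "Kubernetes resource deletion" },
  { label: "kubectl apply", pattern: "kubectl apply", description: "Kubernetes resource application" },
  { label: "kubectl scale", pattern: "kubectl scale", description: "Kubernetes scaling operation" },
  { label: "Docker secrets", pattern: "docker inspect", description: "Docker inspect (may expose env vars)" },
  { label: "docker rm", pattern: "docker rm", description: "Docker container removal" },
  { label: "docker rmi", pattern: "docker rmi", description: "Docker image removal" },
  { label: "docker system prune", pattern: "docker system prune", description: "Docker system cleanup" },
  { label: "docker compose down", pattern: "docker compose down", description: "Docker Compose service teardown" },
  { label: "Terraform apply", pattern: "terraform apply", description: "Terraform infrastructure changes" },
  { label: "Terraform destroy", pattern: "terraform destroy", description: "Terraform infrastructure destruction" },
  { label: "terraform import", pattern: "terraform import", description: "Terraform resource import" },
  { label: "gcloud compute delete", pattern: "gcloud compute instances delete", description: "GCP compute instance deletion" },
  { label: "gcloud iam", pattern: "gcloud iam", description: "GCP IAM permission changes" },
  { label: "gcloud sql delete", pattern: "gcloud sql instances delete", description: "GCP Cloud SQL instance deletion" },
];

// Split a command line on shell control operators so every simple command in
// a chain is inspected; `true && terraform destroy` must not hide behind `true`.
function simpleCommands(commandLine: string): string[][] {
  return commandLine
    .split(/\s*(?:&&|\|\||;|\||\n)\s*/)
    .map((c) => c.trim().split(/\s+/).filter((t) => t.length > 0))
    .filter((tokens) => tokens.length > 0);
}

// True when `needle` occurs as a consecutive run of whole words in `tokens`.
function containsSequence(tokens: string[], needle: string[]): boolean {
  for (let i = 0; i + needle.length <= tokens.length; i++) {
    let ok = true;
    for (let j = 0; j < needle.length && ok; j++) {
      ok = tokens[i + j].toLowerCase() === needle[j].toLowerCase();
    }
    if (ok) return true;
  }
  return false;
}

// Labels of every preset the command line triggers, in preset order.
function dangerousMatches(commandLine: string, presets: CommandPreset[] = COMMAND_PRESETS): string[] {
  const commands = simpleCommands(commandLine);
  return presets
    .filter((p) => commands.some((tokens) => containsSequence(tokens, p.pattern.split(/\s+/))))
    .map((p) => p.label);
}

// Constructed sample command lines; run with `npx tsx dangerous-commands.ts` (assumed file name).
for (const sample of ["git push --force origin main", "echo brewing",
                      "ls -la && docker system prune -af", "DROP DATABASE prod;"]) {
  console.log(sample, "=>", dangerousMatches(sample));
}
```

Because the patterns are matched as word sequences rather than as a prefix of the whole line, `ls -la && docker system prune -af` still reports `docker system prune`, and `aws ec2 terminate-instances --instance-ids ...` matches the `aws ec2 terminate` preset even though the instance ids follow the pattern.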