Environment files (.env).env.env files hold environment variables — frequently API keys, database URLs, and tokens. When one sits in a repo, AI coding tools can read it as workspace context.Private keys (.key)*.keyFiles ending in .key usually hold private cryptographic keys for TLS, signing, or authentication — material that should never reach an AI assistant.Certificates and PEM keys (.pem)*.pem.pem files store certificates and keys in a base64 PEM container. They often include private keys, which AI assistants should never index.npm credentials (.npmrc).npmrcA project .npmrc can contain registry auth tokens (_authToken). When it is committed, both registries and AI tools can read those credentials.SSH private keysid_rsaSSH private keys (id_rsa, id_ed25519) grant access to servers and git remotes. They should never live in a repo an AI tool can read.AWS credential files.aws/credentialsAWS credential files store access keys that grant programmatic access to cloud accounts. Exposure to an AI tool can lead to account takeover.Android keystores (.jks, .keystore)*.jksAndroid keystores hold the signing keys used to publish apps. A leaked release keystore can let an attacker ship updates as you.PKCS#12 keystores (.p12, .pfx)*.p12PKCS#12 files (.p12, .pfx) bundle a certificate with its private key — common for code signing and client authentication.Terraform variable files (.tfvars)*.tfvars.tfvars files supply values to Terraform — often including provider credentials, passwords, and connection strings.Database dumps (.sql)*.sqlSQL dumps can contain production data — including personal information — that should not be indexed by an AI assistant.Local database files (.sqlite)*.sqliteLocal database files like .sqlite can hold real application data — sometimes copied from production — that an AI tool should not read.