Security: yinnho/UPnPCast

SECURITY.md

Security Configuration Guide

🔒 Protecting Sensitive Information

This project requires sensitive configuration for Maven Central publishing. To keep your credentials secure:

📁 Local Configuration Setup

  1. Copy the example file:

    cp gradle.properties.local.example gradle.properties.local
  2. Edit gradle.properties.local with your real credentials:

    # Maven Central credentials
    ossrhUsername=your-sonatype-username
    ossrhPassword=your-sonatype-password-or-token
    
    # GPG signing configuration
    signing.gnupg.executable=path-to-your-gpg-executable
    signing.gnupg.keyName=your-gpg-key-id
    signing.gnupg.passphrase=your-gpg-key-password
  3. Verify the file is ignored:

    git status
    # gradle.properties.local should NOT appear in the list

⚠️ Important Security Notes

  • gradle.properties.local is already in .gitignore
  • ✅ The main gradle.properties contains only non-sensitive project settings
  • NEVER commit files containing real passwords or API keys
  • 🔄 Use Sonatype User Tokens instead of passwords when possible

🚨 If You Accidentally Commit Secrets

If you accidentally commit sensitive information:

  1. Immediately change your passwords/tokens
  2. Remove the sensitive data from Git history:

    # Remove from current commit
    git reset --soft HEAD~1
    git reset gradle.properties
    
    # Or use git filter-branch for older commits
    git filter-branch --force --index-filter \
      'git rm --cached --ignore-unmatch gradle.properties' \
      --prune-empty --tag-name-filter cat -- --all
  3. Force push to update remote repository
  4. Generate new credentials on Sonatype

📋 Safe Sharing Checklist

Before pushing commits, verify:

  • No passwords in gradle.properties
  • No API keys in source code
  • gradle.properties.local is not tracked by Git
  • Build files reference properties correctly
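Added example, not part of the UPnPCast project: a POSIX shell script that automates the first and third checklist items by scanning a gradle.properties file for the credential keys named in the local configuration step and confirming that a .gitignore lists gradle.properties.local (it reads the file itself, not Git's index; the sample files it writes are constructed).

```shell
#!/bin/sh
# Pre-push check (added example, not the project's own code): fail if the
# committed gradle.properties carries Maven Central or GPG credentials, and
# confirm gradle.properties.local is listed in .gitignore.

# Keys that belong only in gradle.properties.local, never in gradle.properties.
SENSITIVE_KEYS="ossrhUsername ossrhPassword signing.gnupg.keyName signing.gnupg.passphrase"

# Print every sensitive key that has a non-empty value in the file $1.
# Comment lines (# or !) are skipped; keys and values are trimmed.
leaked_keys() {
  awk -v keys="$SENSITIVE_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    /^[[:space:]]*[#!]/ { next }
    {
      p = index($0, "="); if (p == 0) next
      key = substr($0, 1, p - 1); val = substr($0, p + 1)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
      if ((key in want) && val != "") print key
    }' "$1"
}

# Return 0 if the properties file $1 is safe to commit, 1 otherwise.
check_properties_file() {
  found=$(leaked_keys "$1")
  [ -z "$found" ] && return 0
  printf 'ERROR: credentials found in %s:\n%s\n' "$1" "$found" >&2
  return 1
}

# Return 0 if the .gitignore given as $1 excludes gradle.properties.local.
check_gitignore() {
  grep -Eq '^[[:space:]]*/?gradle\.properties\.local[[:space:]]*$' "$1"
}

# Demo on constructed files; returns 0 when every check behaves as expected.
run_demo() {
  dir=$(mktemp -d)
  printf 'group=com.example\n# ossrhPassword=in-a-comment\nossrhPassword=\n' > "$dir/clean.properties"
  printf 'group=com.example\nsigning.gnupg.passphrase = hunter2\n' > "$dir/leaky.properties"
  printf 'build/\ngradle.properties.local\n' > "$dir/gitignore"
  check_properties_file "$dir/clean.properties" || return 1
  check_properties_file "$dir/leaky.properties" 2>/dev/null && return 1
  check_gitignore "$dir/gitignore" || return 1
  rm -rf "$dir"
  echo "all checks behaved as expected"
}

run_demo
```

Run it as a pre-push hook or CI step against the real gradle.properties and .gitignore; a non-zero exit from check_properties_file means credentials leaked into the committed file.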

🔗 Additional Resources