This repository is intended for enterprise technology operations teams and uses conservative defaults.
- Do not commit secrets, tenant URLs, API tokens, serial number inventories, or employee identifiers.
- Do not hard-code management credentials in scripts.
- Prefer exported inventory files, environment variables, or secret managers managed outside this repository.
- Keep logs useful for audit purposes but redact network addresses unless the operator explicitly opts in.
- Validate downloaded software with SHA-256 checksums and, when available, code-signing team identifiers.
- Use temporary working directories and remove them after execution.
- inventory and diagnostics scripts are read-only
- naming and upgrade workflows require explicit
--applyor--execute - deployment and removal workflows support
--dry-run - tests use fixtures and temporary directories instead of live enterprise systems
If you identify a security issue in one of these examples, open a private report with the maintainer rather than filing a public issue containing sensitive details.