When storing AGENTS.md, treat it as sensitive agent configuration. Safety depends on encryption, URL handling, and password management.
Encryption checklist
- Always use password-protected backup (tar + openssl)
- Use a strong, unique password
- Never transmit password alongside URL
Download URL handling
- Store download URL in trusted secret storage
- Do not print full URLs in public logs
- Rotate by re-uploading if URL exposure is suspected
Password safety
- Store password separately from URL
- Use a password manager or secure vault
- Never commit passwords to source control
Suggested policy
- Keep only current and previous backup URL
- Store password in separate secure location
- Delete obsolete backups when no longer needed
- Rotate password with each new backup
Next reading