---
description: Safe use of Gitea API token
globs:
alwaysApply: true
---

Rule: Gitea API token access and usage

Source of token:
- Environment variable `GITEA_TOKEN` must be set in the shell/session.

Security:
- Never print the token value to chat, logs, diffs, or console output.
- Do not hardcode the token.
- Do not store the token unencrypted on disk. Prefer environment variables or a secret manager.

Setup:
- Ensure `GITEA_TOKEN` is set before use (e.g., via secure secret manager or manual export without echoing the value).

HTTP:
- Add header: `Authorization: token $GITEA_TOKEN`.

CLI/Scripts:
- Pass `GITEA_TOKEN` to commands/scripts without printing its value.