diff --git a/.gitignore b/.gitignore
index 2fe3f12..fa15de6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,13 @@ apps/web/public/swe-worker-*.js
 # ARE committed to this private Gitea. Only ignore example overrides:
 .env.local
 .env.*.local
+# Anything inside envs/ EXCEPT the example template — a real env
+# file (envs/ENV) leaked once into commit 6893ca6 carrying the DB
+# password and AUTH_SECRET. Whitelist .env.example explicitly so a
+# future copy-paste of envs/.env.example into envs/ENV (or any other
+# name) gets blocked at git add time.
+envs/*
+!envs/.env.example
 
 # logs
 *.log
diff --git a/envs/ENV b/envs/ENV
deleted file mode 100644
index d20677e..0000000
--- a/envs/ENV
+++ /dev/null
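Review bot: The new `envs/*` rule and the deletion of `envs/ENV` stop the file from being re-added, but the comment's own admission that commit 6893ca6 carried the DB password and AUTH_SECRET means those values are still live in history and, as far as this diff shows, have not been rotated or purged; a `.gitignore` entry is not a remediation. The removed file's own comment documents the kill switch for the cookie key (`OPERATOR_TOKEN_VERSION`), so at minimum that should be bumped alongside a new AUTH_SECRET and a changed Postgres password, or the history rewritten if this Gitea allows it. I would add after the `envs/*` comment: `# NOTE: this only prevents future adds — the secrets in 6893ca6 are still in history; rotate them (DB password, AUTH_SECRET, bump OPERATOR_TOKEN_VERSION) or purge the commit.` Also note that `git add -f` and any path already tracked under `envs/` bypass this rule, so a pre-commit secret scan is the stronger guard; the wording "gets blocked at git add time" overstates what an ignore rule does.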
@@ -1,50 +0,0 @@
-# === Postgres ===
-DATABASE_URL=postgres://waBot:cJe3SGjHHAitNBE4@192.168.0.210:5432/wabot
-
-# === App data paths (inside containers) ===
-DATA_DIR=/data
-SESSIONS_DIR=/data/sessions
-MEDIA_DIR=/data/media
-
-# === Bot service ===
-BOT_HEALTH_PORT=8081
-BOT_LOG_LEVEL=info
-
-# Reminder fan-out tuning. Defaults aim for an established WhatsApp
-# account (~30-60 msg/min safe band). Bump cautiously.
-# BOT_FIRE_CONCURRENCY pg-boss workers; max accounts firing in parallel.
-# BOT_GROUP_CONCURRENCY per-account parallel group sends; parts within a
-# group stay serial.
-# BOT_MAX_SEND_PER_MINUTE per-account token-bucket rate.
-BOT_FIRE_CONCURRENCY=8
-BOT_GROUP_CONCURRENCY=3
-BOT_MAX_SEND_PER_MINUTE=40
-
-# === Seed (used by scripts/db.sh seed) ===
-# The bootstrap operator's username. After seed, set their password
-# via: echo 'change-me-now' | scripts/set-password.sh admin
-SEED_OPERATOR_USERNAME=admin
-SEED_OPERATOR_NAME=Operator
-
-# === Web / Auth ===
-# Port the Next.js container exposes on the host. Production deployment
-# (wabot.04080616.xyz) uses 8100; dev/staging (test.04080616.xyz) uses 9000.
-WEB_PORT=8100
-
-# 32-byte secret used to derive the AES-256-GCM key for session cookies.
-# DO NOT leave blank — the web container will refuse to issue cookies.
-# Generate via: scripts/gen_auth_secret.sh --write
-AUTH_SECRET=86f656580a58f03b6ccb43d257e0e801ecd5356e042e8886b3c7c569e29ff13c
-
-# Bumping this invalidates every outstanding session cookie globally on
-# the next request. Treat it as a kill switch (e.g. after a key leak)
-# rather than a routine value.
-OPERATOR_TOKEN_VERSION=1
-
-# === Docker Registry (used by scripts/publish.sh) ===
-# Tag pushed alongside latest. Override with the CLI arg or
-# DOCKER_IMAGE_TAG=v1.2.3 scripts/publish.sh.
-DOCKER_IMAGE_TAG=latest
-# Buildx target platforms. linux/amd64 is the prod host arch; add
-# linux/arm64 if you cross-build for an Apple-silicon runner.
-CM_IMAGE_PLATFORMS=linux/amd64