fix: exclude internal dev files from Docker image and git tracking

- Add .claude/, CLAUDE.md, and non-README *.md to .dockerignore to
  prevent internal tooling files from being included in published image
- Add .claude/ to .gitignore to prevent accidental commits of local config
- Add dockerhub-overview.md for Docker Hub repository description

.dockerignore

@@ -30,3 +30,12 @@ build/
 tmp/
 temp/
 *.tmp
+
+# Claude Code files - internal dev tooling, never ship in image
+.claude/
+CLAUDE.md
+plans/
+
+# Documentation files not needed at runtime
+*.md
+!README.md

.gitignore

@@ -1 +1,2 @@
 node_modules/
+.claude/

dockerhub-overview.md

@@ -0,0 +1,21 @@
+# Keeper Secrets Manager Harness Plugin
+Retrieve secrets from Keeper Vault directly into your Harness CI pipeline steps at runtime —
+no secrets stored in Harness, no plaintext in pipeline configs.
+
+## Documentation
+For setup and usage, visit the [GitHub repository](https://github.com/Keeper-Security/harness-integration).
+
+## How to Use This Image
+```yaml
+step:
+  type: Plugin
+  spec:
+    image: keeper/harness-plugin:latest
+    settings:
+      ksm_config: <+secrets.getValue("Keeper_Config_Secret")>
+      secrets: |
+        RECORD_UID/field/password > DB_PASSWORD
+```
+
+## Support and Feedback
+For support or bug reports, file an issue on our [GitHub page](https://github.com/Keeper-Security/harness-integration/issues).