Skip to content

Sensitive secrets and credentials committed to the repository #150

Description

@way2nafea

Description

Sensitive credentials appear to be committed to the repository.

Affected Files

  • .env
  • docker-compose.yml

Issue

The .env file appears to contain sensitive information such as application secret keys and database credentials. Additionally, docker-compose.yml includes database credentials.

Storing secrets directly in the repository increases the risk of accidental exposure and unauthorized access.

Expected Behavior

Sensitive credentials should not be committed to version control. Instead:

  • Remove secrets from the repository.
  • Add .env to .gitignore.
  • Provide a .env.example file containing placeholder values.
  • Use environment variables or a secure secret management solution for deployment.

Impact

  • Potential credential leakage
  • Unauthorized database access
  • Increased security risk for deployments

I'd be happy to work on this issue if it's considered valid.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions