Description
Sensitive credentials appear to be committed to the repository.
Affected Files
Issue
The .env file appears to contain sensitive information such as application secret keys and database credentials. Additionally, docker-compose.yml includes database credentials.
Storing secrets directly in the repository increases the risk of accidental exposure and unauthorized access.
Expected Behavior
Sensitive credentials should not be committed to version control. Instead:
- Remove secrets from the repository.
- Add
.env to .gitignore.
- Provide a
.env.example file containing placeholder values.
- Use environment variables or a secure secret management solution for deployment.
Impact
- Potential credential leakage
- Unauthorized database access
- Increased security risk for deployments
I'd be happy to work on this issue if it's considered valid.
Description
Sensitive credentials appear to be committed to the repository.
Affected Files
.envdocker-compose.ymlIssue
The
.envfile appears to contain sensitive information such as application secret keys and database credentials. Additionally,docker-compose.ymlincludes database credentials.Storing secrets directly in the repository increases the risk of accidental exposure and unauthorized access.
Expected Behavior
Sensitive credentials should not be committed to version control. Instead:
.envto.gitignore..env.examplefile containing placeholder values.Impact
I'd be happy to work on this issue if it's considered valid.