fix(security): remove tracked secrets and add .env.example#186
fix(security): remove tracked secrets and add .env.example#186way2nafea wants to merge 2 commits into
Conversation
…ple, sanitize env and document usage
There was a problem hiding this comment.
🎉 Thank you for your first Pull Request to DevLink!
We appreciate your contribution to our open-source community.
Before your PR is reviewed, please ensure:
- ✅ The project builds successfully.
- ✅ Your code follows the project's coding standards.
- ✅ You have tested your changes.
- ✅ Related documentation has been updated if necessary.
Our maintainers will review your PR as soon as possible.
Thank you for helping improve DevLink! 💙
|
The description is currently incomplete. Please update it with: A clear summary of the changes made. Once the PR description is updated, and the CI workflow is failing. I'll verify whether this is caused by the repository configuration or by the changes in this PR. If it's related to the PR, please update it accordingly. |
|
Hi @nensii21, I've addressed the previous Frontend CI issue by updating the frontend I also noticed that the workflows are currently awaiting maintainer approval. Whenever you have time, could you please approve the workflows so the CI checks can run? Thank you! |
|
one CI check is still failing have a look.once its updated kindly let me know i will review it and merge this PR |
Summary
This PR improves the security of the project by removing tracked environment secrets and adopting environment variable best practices.
Changes Made
backend/.envfile from Git.backend/.env.examplewith placeholder values for local development..gitignoreentries to prevent committing environment files.docker-compose.ymlto use environment variable substitution instead of hardcoded credentials.Issue
Closes #150
Type of Change
Testing
.envis no longer tracked..env.docker-compose.ymlstarts correctly with environment variables..env.examplecan be used to create a local.env.Screenshots
1.
.gitignoreShows the updated

.gitignoreconfiguration to ensure.envand other sensitive/generated files are excluded from version control.2.
.env.exampleShows the newly added

.env.examplefile containing placeholder values for local development. No sensitive credentials are included.3.
docker-compose.ymlShows the updated Docker Compose configuration using the

env_filedirective and environment variable-based configuration instead of hardcoded credentials.Notes
This PR does not rewrite Git history or rotate previously committed secrets. Those actions should be performed by the repository maintainers if necessary.