Skip to content

fix(security): remove tracked secrets and add .env.example#186

Open
way2nafea wants to merge 2 commits into
nensii21:mainfrom
way2nafea:sanitize/remove-secrets-20260706
Open

fix(security): remove tracked secrets and add .env.example#186
way2nafea wants to merge 2 commits into
nensii21:mainfrom
way2nafea:sanitize/remove-secrets-20260706

Conversation

@way2nafea

@way2nafea way2nafea commented Jul 6, 2026

Copy link
Copy Markdown

Summary

This PR improves the security of the project by removing tracked environment secrets and adopting environment variable best practices.

Changes Made

  • Removed the tracked backend/.env file from Git.
  • Added backend/.env.example with placeholder values for local development.
  • Added .gitignore entries to prevent committing environment files.
  • Updated docker-compose.yml to use environment variable substitution instead of hardcoded credentials.
  • Updated the documentation with instructions for configuring the environment.

Issue

Closes #150

Type of Change

  • Bug fix
  • Security improvement
  • New feature
  • Documentation only

Testing

  • Verified that .env is no longer tracked.
  • Verified that the application uses environment variables from .env.
  • Verified that docker-compose.yml starts correctly with environment variables.
  • Confirmed that .env.example can be used to create a local .env.

Screenshots

1. .gitignore

Shows the updated .gitignore configuration to ensure .env and other sensitive/generated files are excluded from version control.
image

2. .env.example

Shows the newly added .env.example file containing placeholder values for local development. No sensitive credentials are included.
image

3. docker-compose.yml

Shows the updated Docker Compose configuration using the env_file directive and environment variable-based configuration instead of hardcoded credentials.
image

Notes

This PR does not rewrite Git history or rotate previously committed secrets. Those actions should be performed by the repository maintainers if necessary.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 Thank you for your first Pull Request to DevLink!

We appreciate your contribution to our open-source community.

Before your PR is reviewed, please ensure:

  • ✅ The project builds successfully.
  • ✅ Your code follows the project's coding standards.
  • ✅ You have tested your changes.
  • ✅ Related documentation has been updated if necessary.

Our maintainers will review your PR as soon as possible.

Thank you for helping improve DevLink! 💙

@nensii21

nensii21 commented Jul 6, 2026

Copy link
Copy Markdown
Owner

The description is currently incomplete. Please update it with:

A clear summary of the changes made.
The issue number this PR addresses (e.g. Closes #123).
The type of change.
How you tested the implementation.
Add screenshots and videos anout your implementation.

Once the PR description is updated, and the CI workflow is failing. I'll verify whether this is caused by the repository configuration or by the changes in this PR. If it's related to the PR, please update it accordingly.

@way2nafea way2nafea changed the title chore(secrets): remove tracked backend/.env from index, add .env.exam… fix(security): remove tracked secrets and add .env.example Jul 6, 2026
@way2nafea

Copy link
Copy Markdown
Author

Hi @nensii21,

I've addressed the previous Frontend CI issue by updating the frontend package-lock.json and pushed the changes to this PR.

I also noticed that the workflows are currently awaiting maintainer approval. Whenever you have time, could you please approve the workflows so the CI checks can run?

Thank you!

@nensii21

nensii21 commented Jul 8, 2026

Copy link
Copy Markdown
Owner

one CI check is still failing have a look.once its updated kindly let me know i will review it and merge this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Sensitive secrets and credentials committed to the repository

2 participants