Skip to content

Exposed credentials in .env.staging.example #161

Description

@muhamedfazalps

⚠️ Exposed Credentials in .env.staging.example

I found what appears to be real credentials committed in this file. This is a security risk as this repository is public.

Evidence

GOOGLE_RECAPTCHA_KEY=6LdKJrIUAAAAAALighiAy62sGoZjIFEm8Qy5Cdcf;GOOGLE_RECAPTCHA_SECRET=6LdKJrIUAAAAAGikr8rdVLR8UXV4Z8GrxIFNwUB4;

File Location

.env.staging.example

Recommendations

  1. Immediately rotate all exposed credentials
  2. Add .env.* files to .gitignore
  3. Use environment variables or a secrets manager instead
  4. Use git filter-branch or BFG Repo-Cleaner to remove from history
  5. Consider enabling GitHub secret scanning

If this is a false positive or the credentials are intentional, please close this issue.

🙏 If this report was helpful, consider supporting: buymeacoffee.com/muhamedfazalps

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions